Search

Find a vulnerability

Search criteria

    69 vulnerabilities by kolab

    VAR-201103-0114

    Vulnerability from variot - Updated: 2026-04-10 23:24

    The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack. Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. An attacker can exploit this issue to execute arbitrary commands in the context of the user running the application. Successful exploits can allow attackers to obtain email usernames and passwords. The following vendors are affected: Ipswitch Kerio Postfix Qmail-TLS Oracle (note that the affected application is unknown) SCO Group spamdyke ISC. Postfix is ​​a mail transfer agent used in Unix-like operating systems. The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 did not properly restrict I/ O buffering effect. ========================================================================== Ubuntu Security Notice USN-1113-1 April 18, 2011

    postfix vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 10.10
    • Ubuntu 10.04 LTS
    • Ubuntu 9.10
    • Ubuntu 8.04 LTS
    • Ubuntu 6.06 LTS

    Summary:

    An attacker could send crafted input to Postfix and cause it to reveal confidential information. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)

    Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. (CVE-2011-0411)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 10.10: postfix 2.7.1-1ubuntu0.1

    Ubuntu 10.04 LTS: postfix 2.7.0-1ubuntu0.1

    Ubuntu 9.10: postfix 2.6.5-3ubuntu0.1

    Ubuntu 8.04 LTS: postfix 2.5.1-2ubuntu1.3

    Ubuntu 6.06 LTS: postfix 2.2.10-1ubuntu0.3

    In general, a standard system update will make all the necessary changes.

    References: CVE-2009-2939, CVE-2011-0411

    Package Information: https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1 https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3 https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3

    .

    CVE-2011-4130 ProFTPD uses a response pool after freeing it under exceptional conditions, possibly leading to remote code execution. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-33


                                            http://security.gentoo.org/
    

    Severity: High Title: Postfix: Multiple vulnerabilities Date: June 25, 2012 Bugs: #358085, #366605 ID: 201206-33


    Synopsis

    A vulnerability has been found in Postfix, the worst of which possibly allowing remote code execution.

    Background

    Postfix is Wietse Venema=E2=80=99s mailer that attempts to be fast, easy = to administer, and secure, as an alternative to the widely-used Sendmail program.

    Affected packages

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
    

    1 mail-mta/postfix < 2.7.4 >= 2.7.4

    Description

    A vulnerability have been discovered in Postfix. Please review the CVE identifier referenced below for details.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Postfix users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=mail-mta/postfix-2.7.4"

    References

    [ 1 ] CVE-2011-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0411 [ 2 ] CVE-2011-1720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1720

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-201206-33.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5 . This is a writeup about a flaw that I found recently, and that existed in multiple implementations of SMTP (Simple Mail Transfer Protocol) over TLS (Transport Layer Security) including my Postfix open source mailserver. I give an overview of the problem and its impact, how to find out if a server is affected, fixes, and draw lessons about where we can expect similar problems. A time line is at the end.

    For further reading: http://www.kb.cert.org/vuls/id/555316 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411 http://www.postfix.org/CVE-2011-0411.html (extended writeup)

    Wietse
    

    Problem overview and impact

    The TLS protocol encrypts communication and protects it against modification by other parties. This protection exists only if a) software is free of flaws, and b) clients verify the server's TLS certificate, so that there can be no "man in the middle" (servers usually don't verify client certificates).

    The problem discussed in this writeup is caused by a software flaw.

    The injected commands could be used to steal the victim's email or SASL (Simple Authentication and Security Layer) username and password.

    This is not as big a problem as it may appear to be. The reason is that many SMTP client applications don't verify server TLS certificates. These SMTP clients are always vulnerable to command injection and other attacks. Their TLS sessions are only encrypted but not protected.

    A similar plaintext injection flaw may exist in the way SMTP clients handle SMTP-over-TLS server responses, but its impact is less interesting than the server-side flaw.

    SMTP is not the only protocol with a mid-session switch from plaintext to TLS. Other examples are POP3, IMAP, NNTP and FTP. Implementations of these protocols may be affected by the same flaw as discussed here.

    Demonstration

    The problem is easy to demonstrate with a one-line change to the OpenSSL s_client command source code (I would prefer scripting, but having to install Perl CPAN modules and all their dependencies is more work than downloading a .tar.gz file from openssl.org, adding eight characters to one line, and doing "./config; make").

    The OpenSSL s_client command can make a connection to servers that support straight TLS, SMTP over TLS, or a handful other protocols over TLS. The demonstration with SMTP over TLS involves a one-line change in the OpenSSL s_client source code (with OpenSSL 1.0.0, at line 1129 of file apps/s_client.c).

    Old: BIO_printf(sbio,"STARTTLS\r\n"); New: BIO_printf(sbio,"STARTTLS\r\nRSET\r\n");

    With this change, the s_client command sends the plaintext STARTTLS command ("let's turn on TLS") immediately followed by an RSET command (a relatively harmless protocol "reset"). Both commands are sent as plaintext in the same TCP/IP packet, and arrive together at the server. The "\r\n" are the carriage-return and newline characters; these are necessary to terminate an SMTP command.

    When an SMTP server has the plaintext injection flaw, it reads the STARTTLS command first, switches to SMTP-over-TLS mode, and only then the server reads the RSET command. Note, the RSET command was transmitted during the plaintext SMTP phase when there is no protection, but the server reads the command as if it was received over the TLS-protected channel.

    Thus, when the SMTP server has the flaw, the s_client command output will show two "250" SMTP server responses instead of one. The first "250" response is normal, and is present even when the server is not flawed. The second "250" response is for the RSET command, and indicates that the SMTP server has the plaintext injection flaw.

    $ apps/openssl s_client -quiet -starttls smtp -connect server:port [some server TLS certificate details omitted] 250 some text here <=== Normal response, also with "good" server. 250 more text here <=== RSET response, only with flawed server.

    Anatomy of the flaw: it's all about the plumbing

    Whether a program may have the plaintext injection flaw depends on how it adjusts the plumbing, as it inserts the TLS protocol layer in-between the SMTP protocol layer and the O/S TCP/IP protocol layer. I illustrate this with examples from three open source MTAs: Postfix, Sendmail and Exim. The diagram below is best viewed with a fixed-width font, for example, from the Courier family.

    Postfix MTA         Sendmail MTA          Exim MTA
    before/after        before/after        before/after
    

    switch to TLS switch to TLS switch to TLS

    SMTP    SMTP        SMTP    SMTP        SMTP    SMTP   <= SMTP layer
     ||      ||          ||      ||          ||      ||
    

    stream stream stream stream' || || buffers buffers buffers buffers' rw r'w' <= stream layer rw r'w' rw r'w' || || || || || || || || || TLS || TLS || TLS <= TLS layer || || || || || || O/S O/S O/S O/S O/S O/S <= TCP/IP layer

    As shown in the diagram, both Postfix and Sendmail use an application- level stream abstraction, where each stream has properties such as read/write buffers, read/write functions (indicated with rw), and other properties that are omitted for brevity.

    When Postfix switches to SMTP over TLS, it replaces the plaintext read/write functions (rw) with the TLS read/write functions (r'w'). Postfix does not modify any of the other stream properties including the read/write buffers. A patch for qmail that introduces TLS support uses the same approach. This approach of replacing only the stream read/write functions, but not the buffers or other stream properties, can introduce the plaintext injection flaw.

    When Sendmail switches to SMTP over TLS, it replaces the entire stream, along with its read/write buffers and read/write functions. Exim, on the other hand, does not seem to have a stream abstraction like Postfix, Sendmail or qmail. Instead of replacing streams or stream properties, Exim replaces plaintext read/write functions with TLS read/write functions. Because of their program structure, Sendmail and Exim didn't suffer from the plaintext injection flaw.

    Fixing the problem

    There are two solutions to address the flaw, and both solutions can be used together.

    • Report an error when unexpected plaintext is received after the STARTTLS command. As documented in RFC 3207, STARTTLS must be the last command in a pipelined group. If plaintext commands are received after STARTTLS, then that is a protocol violation.

    This measure can also be implemented outside the MTA, for example in a protocol-aware firewall.

    • If a program uses the same input buffer before and after the switch to TLS, it should discard the contents of the input buffer, just like it discards SMTP protocol information that it received during the plaintext protocol phase.

    Conclusion

    This plaintext injection problem is likely to recur when some development moves the plaintext-to-ciphertext switch outside the application: for example, into the kernel, into the local hardware, into a proxy, or into other infrastructure. This encourages applications to use the same application-level streams and buffers and read/write functions before and after the switch to ciphertext. When this migration happens, plaintext injection becomes once more a possibility.

    Time line

    Jan 5 2011: While finishing Postfix for its annual release, I found and fixed this flaw in the SMTP server and client implementations, where it had been sitting ever since TLS support was adopted.

    Jan 6-10 2011: As we investigated the scope of the problem, Victor Duchovni (co-developer) discovered that other implementations were also affected including security providers and security appliances.

    Jan 11 2011: Contact CERT/CC to help coordinate with the problem's resolution.

    Mar 7 2011: Public announcement, and Postfix legacy release updates.

    Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct this issue.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411 http://www.postfix.org/CVE-2011-0411.html http://www.kb.cert.org/vuls/id/555316 http://www.securityfocus.com/archive/1/516901/30/0/threaded


    Updated Packages:

    Mandriva Linux 2009.0: eb607fe6834ded296aec54851a3bd56c 2009.0/i586/libpostfix1-2.5.5-4.2mdv2009.0.i586.rpm 76a18eb7f7627ba5489137eb592d0c8b 2009.0/i586/postfix-2.5.5-4.2mdv2009.0.i586.rpm 61c70b9d189f68276601d724e8444d9f 2009.0/i586/postfix-ldap-2.5.5-4.2mdv2009.0.i586.rpm 24255918008338487798ea647860484e 2009.0/i586/postfix-mysql-2.5.5-4.2mdv2009.0.i586.rpm e4d4db07cb302b3072f78097f84e1b87 2009.0/i586/postfix-pcre-2.5.5-4.2mdv2009.0.i586.rpm ebd9879c9c773c3d57375809c696f517 2009.0/i586/postfix-pgsql-2.5.5-4.2mdv2009.0.i586.rpm b27d3f6b20b11f71fd54d0f50a8a4b47 2009.0/SRPMS/postfix-2.5.5-4.2mdv2009.0.src.rpm

    Mandriva Linux 2009.0/X86_64: 73053818f39aba0ee0bece7ab997b07c 2009.0/x86_64/lib64postfix1-2.5.5-4.2mdv2009.0.x86_64.rpm c0e3c04bfd70acc0ee09e7413b3a3400 2009.0/x86_64/postfix-2.5.5-4.2mdv2009.0.x86_64.rpm 435fe07232bf307882a1589bc1ccca22 2009.0/x86_64/postfix-ldap-2.5.5-4.2mdv2009.0.x86_64.rpm 4d1d018487d1c3328cd425d220136a6f 2009.0/x86_64/postfix-mysql-2.5.5-4.2mdv2009.0.x86_64.rpm e7bd9b102319bc1ed4cdda27edaf26e2 2009.0/x86_64/postfix-pcre-2.5.5-4.2mdv2009.0.x86_64.rpm 7051b04bff45730a0268c5b311361111 2009.0/x86_64/postfix-pgsql-2.5.5-4.2mdv2009.0.x86_64.rpm b27d3f6b20b11f71fd54d0f50a8a4b47 2009.0/SRPMS/postfix-2.5.5-4.2mdv2009.0.src.rpm

    Mandriva Linux 2010.0: f83a569908244de2e04f13c5e9cbc29a 2010.0/i586/libpostfix1-2.6.5-2.1mdv2010.0.i586.rpm b28f60198223458fe7a8b9c92d9901c1 2010.0/i586/postfix-2.6.5-2.1mdv2010.0.i586.rpm 1572c433ec62d49970a250050da98ed7 2010.0/i586/postfix-ldap-2.6.5-2.1mdv2010.0.i586.rpm 2aeb9f3d82b97e4314b3f8d6500a244a 2010.0/i586/postfix-mysql-2.6.5-2.1mdv2010.0.i586.rpm 2d93c886dda73832ee8b96961e0cc316 2010.0/i586/postfix-pcre-2.6.5-2.1mdv2010.0.i586.rpm 544853ecd21ca236324418232b59d206 2010.0/i586/postfix-pgsql-2.6.5-2.1mdv2010.0.i586.rpm e3748479ec6c93be12808e26e6b0fa55 2010.0/SRPMS/postfix-2.6.5-2.1mdv2010.0.src.rpm

    Mandriva Linux 2010.0/X86_64: 0282b58fb34ab310a8e66cda1792da37 2010.0/x86_64/lib64postfix1-2.6.5-2.1mdv2010.0.x86_64.rpm 644f3b20cfed1b5e57ef53a7ef94898a 2010.0/x86_64/postfix-2.6.5-2.1mdv2010.0.x86_64.rpm 16b27a49a3dcae6fa520c3cb24b2f69b 2010.0/x86_64/postfix-ldap-2.6.5-2.1mdv2010.0.x86_64.rpm 9e60217b6e8adc9a0e286df835f9d695 2010.0/x86_64/postfix-mysql-2.6.5-2.1mdv2010.0.x86_64.rpm 8594b10f400395fff17ffda26e9e3b3d 2010.0/x86_64/postfix-pcre-2.6.5-2.1mdv2010.0.x86_64.rpm e63fb8c5794ce971488898af1d537f36 2010.0/x86_64/postfix-pgsql-2.6.5-2.1mdv2010.0.x86_64.rpm e3748479ec6c93be12808e26e6b0fa55 2010.0/SRPMS/postfix-2.6.5-2.1mdv2010.0.src.rpm

    Mandriva Linux 2010.1: 19ee5b6c6a18c73ccf1d74e20f89759d 2010.1/i586/libpostfix1-2.7.0-4.1mdv2010.2.i586.rpm 7a468df2b451f6972c38faf1f60ad8af 2010.1/i586/postfix-2.7.0-4.1mdv2010.2.i586.rpm a814f84c61afd93f3416c69d993afd7a 2010.1/i586/postfix-cdb-2.7.0-4.1mdv2010.2.i586.rpm f6f7f9492ab304d28f8aa4bfc653ca1e 2010.1/i586/postfix-ldap-2.7.0-4.1mdv2010.2.i586.rpm 8013bafd20881dd85b3be95529be848d 2010.1/i586/postfix-mysql-2.7.0-4.1mdv2010.2.i586.rpm 145c8551dc1c51b071d1f3f992f8e638 2010.1/i586/postfix-pcre-2.7.0-4.1mdv2010.2.i586.rpm 8f0d058eda66267085cbe5a7f5133b60 2010.1/i586/postfix-pgsql-2.7.0-4.1mdv2010.2.i586.rpm c90d8220b74b39ce44a4b9dfe8876783 2010.1/SRPMS/postfix-2.7.0-4.1mdv2010.2.src.rpm

    Mandriva Linux 2010.1/X86_64: 0a9207a9e00cce2e656ff248513d5bc3 2010.1/x86_64/lib64postfix1-2.7.0-4.1mdv2010.2.x86_64.rpm 3e2cc9ea2bf3d6979d5c6a5b3ec9b54a 2010.1/x86_64/postfix-2.7.0-4.1mdv2010.2.x86_64.rpm c8c5efad63b597b3d3a0aec3c5027ffa 2010.1/x86_64/postfix-cdb-2.7.0-4.1mdv2010.2.x86_64.rpm 71d9a4095514c72494c4f02d2696b619 2010.1/x86_64/postfix-ldap-2.7.0-4.1mdv2010.2.x86_64.rpm 8865fea8796435b2d715bf0d89c4530f 2010.1/x86_64/postfix-mysql-2.7.0-4.1mdv2010.2.x86_64.rpm 784960a49889f3fce8a308842321d8e8 2010.1/x86_64/postfix-pcre-2.7.0-4.1mdv2010.2.x86_64.rpm dc50ccda7bfb1a1f7f673bc251f14683 2010.1/x86_64/postfix-pgsql-2.7.0-4.1mdv2010.2.x86_64.rpm c90d8220b74b39ce44a4b9dfe8876783 2010.1/SRPMS/postfix-2.7.0-4.1mdv2010.2.src.rpm

    Corporate 4.0: 6b7d62433679d20ae3b5cdf2668019e7 corporate/4.0/i586/libpostfix1-2.3.5-0.4.20060mlcs4.i586.rpm c5d4cbc67d00e0ea8b32c6598d6d65f0 corporate/4.0/i586/postfix-2.3.5-0.4.20060mlcs4.i586.rpm 287daadea040f15c1e25a6de77a438b2 corporate/4.0/i586/postfix-ldap-2.3.5-0.4.20060mlcs4.i586.rpm aac87a567ae68c48d4e8226429b35697 corporate/4.0/i586/postfix-mysql-2.3.5-0.4.20060mlcs4.i586.rpm c331a8061b0c5a6639c633d608e37871 corporate/4.0/i586/postfix-pcre-2.3.5-0.4.20060mlcs4.i586.rpm 25ce650233120a54e830c120f773f715 corporate/4.0/i586/postfix-pgsql-2.3.5-0.4.20060mlcs4.i586.rpm f2f060fddbb666572eca06ae47e36a3a corporate/4.0/SRPMS/postfix-2.3.5-0.4.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: 45b683c80b3006c3df5144bfe0fede86 corporate/4.0/x86_64/lib64postfix1-2.3.5-0.4.20060mlcs4.x86_64.rpm fc82cfcdbf89c059b6850edfa049128f corporate/4.0/x86_64/postfix-2.3.5-0.4.20060mlcs4.x86_64.rpm 7057754d88c8146d235d3ab96fd64d2f corporate/4.0/x86_64/postfix-ldap-2.3.5-0.4.20060mlcs4.x86_64.rpm 872c28155eb6276ba0fd1001387ffac7 corporate/4.0/x86_64/postfix-mysql-2.3.5-0.4.20060mlcs4.x86_64.rpm 644747748d18077fc63aa740c2947768 corporate/4.0/x86_64/postfix-pcre-2.3.5-0.4.20060mlcs4.x86_64.rpm 19b2a209beade7e6e25de6d0f3cb4b6d corporate/4.0/x86_64/postfix-pgsql-2.3.5-0.4.20060mlcs4.x86_64.rpm f2f060fddbb666572eca06ae47e36a3a corporate/4.0/SRPMS/postfix-2.3.5-0.4.20060mlcs4.src.rpm

    Mandriva Enterprise Server 5: 9c50578bd954be2ea42e6f3f3131cc9c mes5/i586/libpostfix1-2.5.5-4.2mdvmes5.2.i586.rpm bca22f9be6e6bef4e02f2ffb4623d2e3 mes5/i586/postfix-2.5.5-4.2mdvmes5.2.i586.rpm 45cfa7336d29cddca1ac07270d2b8287 mes5/i586/postfix-ldap-2.5.5-4.2mdvmes5.2.i586.rpm 87d4b942fefedc239a213b3ce5715cf0 mes5/i586/postfix-mysql-2.5.5-4.2mdvmes5.2.i586.rpm b3caf9572b69e757b9697139bb0ed5d8 mes5/i586/postfix-pcre-2.5.5-4.2mdvmes5.2.i586.rpm bde845f9957e2ead0e398c5bebef6f79 mes5/i586/postfix-pgsql-2.5.5-4.2mdvmes5.2.i586.rpm 8ad3739bcdf5297b2dddfb4e289049d9 mes5/SRPMS/postfix-2.5.5-4.2mdvmes5.2.src.rpm

    Mandriva Enterprise Server 5/X86_64: d920df80c9fdbcb64a9c50d265acd7e8 mes5/x86_64/lib64postfix1-2.5.5-4.2mdvmes5.2.x86_64.rpm 1d09a25b69b76b2c013bac182c0e456d mes5/x86_64/postfix-2.5.5-4.2mdvmes5.2.x86_64.rpm 0afe348155bee4af965ec616d86a9219 mes5/x86_64/postfix-ldap-2.5.5-4.2mdvmes5.2.x86_64.rpm db4e476a96f489d957610fb1ff7c6f9e mes5/x86_64/postfix-mysql-2.5.5-4.2mdvmes5.2.x86_64.rpm 6ce0428271de05b3bb2d2e430c3281a3 mes5/x86_64/postfix-pcre-2.5.5-4.2mdvmes5.2.x86_64.rpm 32468daeee58b727ce1c85adcc2b364c mes5/x86_64/postfix-pgsql-2.5.5-4.2mdvmes5.2.x86_64.rpm 8ad3739bcdf5297b2dddfb4e289049d9 mes5/SRPMS/postfix-2.5.5-4.2mdvmes5.2.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. The Common Vulnerabilities and Exposures project identifies the following problems:

    CVE-2009-2939 The postinst script grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.

    CVE-2011-1720 A heap-based read-only buffer overflow allows malicious clients to crash the smtpd server process using a crafted SASL authentication request.

    For the oldstable distribution (lenny), this problem has been fixed in version 2.5.5-1.1+lenny1.

    For the stable distribution (squeeze), this problem has been fixed in version 2.7.1-1+squeeze1.

    For the unstable distribution (sid), this problem has been fixed in version 2.8.0-1.

    We recommend that you upgrade your postfix packages.

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

    iQEcBAEBAgAGBQJNyXybAAoJEL97/wQC1SS+xb0H/igqYhOTtvO91deptOPyednw 5sBQPXGoo+RXeomLsJk8P6ezm7fEGTSl7GUEpNwS1qsqAPVnl9XAK6dOGFae1PbG 2L93eR6AKgKo60tp2On1Tf1c0HcD6yKiZ6J7C7nZ3E8+yZwSd1k6826ZUQ3gzKKW DTIu6w2CzzleK/bppWfhAvwvobHD6X1B16qklZfqw6H0C/QfMjM8ZXLCRv9Tq1TN jX1W4qeed7pr8r3pTJ9npzae7drqFLoVDi0tpGKi0UHEwgRma1AbDaI2BVmeblue YNRHg7H+TqfrUwN8iB64WrYvqnHCQfvViL8f0ML2uJXJf/lHby+vxPl6EGxAIoY= =yCCp -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "postfix",
            "version": "2.4.3"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "postfix",
            "version": "2.4.8"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "postfix",
            "version": "2.4.1"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "postfix",
            "version": "2.4.7"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "postfix",
            "version": "2.4.5"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "postfix",
            "version": "2.4.6"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "postfix",
            "version": "2.4.4"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "postfix",
            "version": "2.4.2"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "postfix",
            "version": "2.4.0"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "postfix",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.4.9"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.5.11"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.6.0"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.6.1"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.4.15"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.4.13"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.5.1"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.7.1"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.5.6"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.4.12"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.6.4"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.5.5"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.6.5"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.5.4"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.6.7"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.4.11"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.4.14"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.6.8"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.7.0"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.5.9"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.7.2"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.5.0"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.5.3"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.4.10"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.6.6"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.6.2"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.5.10"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.5.8"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.6.3"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.5.2"
          },
          {
            "_id": null,
            "model": "postfix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "postfix",
            "version": "2.5.7"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cyrus imap",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ipswitch",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "kerio",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "postfix",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "qmail tls",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "red hat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "watchguard",
            "version": null
          },
          {
            "_id": null,
            "model": "linux armel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.3.1"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "spamdyke",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "spamdyke",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.7.3"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.7"
          },
          {
            "_id": null,
            "model": "imap server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cyrus",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "2.5.4"
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "8.22"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "5.7.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "linux enterprise sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "groupware server 2.2-rc3",
            "scope": null,
            "trust": 0.3,
            "vendor": "kolab",
            "version": null
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "5.7.9"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.6"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "8.01"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "2.4.9"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "7.0.5"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "2.5.5"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "2.1.5"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.8"
          },
          {
            "_id": null,
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "enterprise linux server optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "7.0.1"
          },
          {
            "_id": null,
            "model": "inn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "2.3.2"
          },
          {
            "_id": null,
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "2.2.3"
          },
          {
            "_id": null,
            "model": "enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "_id": null,
            "model": "pure-ftpd",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "pureftpd",
            "version": "1.0.30"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "linux lts",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.2"
          },
          {
            "_id": null,
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop version",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.5"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.6"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.8"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.4"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "20011115"
          },
          {
            "_id": null,
            "model": "groupware server -rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.2.3"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "8.11"
          },
          {
            "_id": null,
            "model": "java system messaging server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "mailserver patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.7.01"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.2.2"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "5.0.8"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "5.7.1"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pardus",
            "version": "20110"
          },
          {
            "_id": null,
            "model": "inn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "2.5.2"
          },
          {
            "_id": null,
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "5.6.3"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "5.7.3"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.1.3"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "imail hotfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "8.22"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "5.0.5"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "8.13"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.1"
          },
          {
            "_id": null,
            "model": "enterprise linux workstation optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "mailserver patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.6.23"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.2"
          },
          {
            "_id": null,
            "model": "linux enterprise sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "pure-ftpd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pureftpd",
            "version": "1.0.29"
          },
          {
            "_id": null,
            "model": "groupware server 2.1.beta3",
            "scope": null,
            "trust": 0.3,
            "vendor": "kolab",
            "version": null
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "_id": null,
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "inn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "2.3.3"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.4.1"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "7.0.2"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.0.3"
          },
          {
            "_id": null,
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.3.2"
          },
          {
            "_id": null,
            "model": "inn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "2.5.3"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.8"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "7.0.3"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "2.4.8"
          },
          {
            "_id": null,
            "model": "spamdyke",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "spamdyke",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2009.0"
          },
          {
            "_id": null,
            "model": "mailserver patch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.1.31"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "9.10"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "messaging storage server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.0.4"
          },
          {
            "_id": null,
            "model": "messaging storage server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "1.1.13"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "19991231"
          },
          {
            "_id": null,
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "6.4"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "8.0.3"
          },
          {
            "_id": null,
            "model": "imap server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cyrus",
            "version": "2.4.7"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.7"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.6.1"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.3.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "linux lpia",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "9.10"
          },
          {
            "_id": null,
            "model": "connect build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "7.1.42985"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.3"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "7.12"
          },
          {
            "_id": null,
            "model": "linux enterprise sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.6.2"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.4.2"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "groupware server 2.1beta2",
            "scope": null,
            "trust": 0.3,
            "vendor": "kolab",
            "version": null
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "8.0.5"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "2.6-20080902"
          },
          {
            "_id": null,
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "5.0.6"
          },
          {
            "_id": null,
            "model": "linux enterprise sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "5.7.2"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.0.5"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.6"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "scooffice server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.0.9"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "8.20"
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.1"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "7.0.4"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.7"
          },
          {
            "_id": null,
            "model": "inn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "2.3.1"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "6.0.3"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "9.10"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "8.2"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.2.2"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "1.1.12"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "9.10"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "2.2.4"
          },
          {
            "_id": null,
            "model": "enterprise linux hpc node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "1.1.11"
          },
          {
            "_id": null,
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "6.0.4"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "xcs",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "watchguard",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "netqmail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "qmail smtpd auth",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "9.10"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.2"
          },
          {
            "_id": null,
            "model": "linux lts lpia",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "inn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "2.4.0"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "8.14"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "9.10"
          },
          {
            "_id": null,
            "model": "inn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "2.4.1"
          },
          {
            "_id": null,
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "7.0.7"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "6.0.6"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "1.0.21"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.2.4"
          },
          {
            "_id": null,
            "model": "java system messaging server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "6.0.5"
          },
          {
            "_id": null,
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9"
          },
          {
            "_id": null,
            "model": "groupware server 2.2-rc1",
            "scope": null,
            "trust": 0.3,
            "vendor": "kolab",
            "version": null
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "5.7.10"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "5.6.5"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.5"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.4"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "5.7.8"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6"
          },
          {
            "_id": null,
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "message networking sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "2.8"
          },
          {
            "_id": null,
            "model": "groupware server beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "inn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "linux armel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.1"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.0.10"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "20010228"
          },
          {
            "_id": null,
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "5.6.4"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "5.1.1"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "0"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "7.1"
          },
          {
            "_id": null,
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop workstation client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "messaging storage server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "imail hotfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "8.151"
          },
          {
            "_id": null,
            "model": "imap server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cyrus",
            "version": "2.4.6"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "2006.2"
          },
          {
            "_id": null,
            "model": "starttls",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ietf",
            "version": "0"
          },
          {
            "_id": null,
            "model": "mailserver build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "6.6.17069"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "5.0.7"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "pardus",
            "version": "20090"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "11.2"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "messaging storage server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "groupware server beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "5.7.5"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "enterprise server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "_id": null,
            "model": "venema postfix patchlevel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "2.5.44"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.2"
          },
          {
            "_id": null,
            "model": "imail",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipswitch",
            "version": "7.0.6"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "5.7.4"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "6"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "5.7.7"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.4"
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2009.0"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "2.2.10"
          },
          {
            "_id": null,
            "model": "venema postfix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "wietse",
            "version": "19990906"
          },
          {
            "_id": null,
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "9.10"
          },
          {
            "_id": null,
            "model": "messaging storage server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "mailserver",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kerio",
            "version": "5.7.6"
          },
          {
            "_id": null,
            "model": "xcs",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "watchguard",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.1"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.3"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555316"
          },
          {
            "db": "BID",
            "id": "46767"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201103-213"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-0411"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Wietse Venema",
        "sources": [
          {
            "db": "BID",
            "id": "46767"
          },
          {
            "db": "PACKETSTORM",
            "id": "99053"
          }
        ],
        "trust": 0.4
      },
      "cve": "CVE-2011-0411",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2011-0411",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-48356",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2011-0411",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#555316",
                "trust": 0.8,
                "value": "1.39"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201103-213",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-48356",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2011-0411",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555316"
          },
          {
            "db": "VULHUB",
            "id": "VHN-48356"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-0411"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201103-213"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-0411"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack. Some STARTTLS implementations could allow a remote attacker to inject commands during the plaintext phase of the protocol. \nAn attacker can exploit this issue to execute arbitrary commands in the  context of the user running the application. Successful exploits can  allow attackers to obtain email usernames and passwords. \nThe following vendors are affected:\nIpswitch\nKerio\nPostfix\nQmail-TLS\nOracle (note that the affected application is unknown)\nSCO Group\nspamdyke\nISC. Postfix is \u200b\u200ba mail transfer agent used in Unix-like operating systems. The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 did not properly restrict I/ O buffering effect. ==========================================================================\nUbuntu Security Notice USN-1113-1\nApril 18, 2011\n\npostfix vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 9.10\n- Ubuntu 8.04 LTS\n- Ubuntu 6.06 LTS\n\nSummary:\n\nAn attacker could send crafted input to Postfix and cause it to reveal\nconfidential information. \nThis issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)\n\nWietse Venema discovered that Postfix incorrectly handled cleartext\ncommands after TLS is in place. (CVE-2011-0411)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 10.10:\n  postfix                         2.7.1-1ubuntu0.1\n\nUbuntu 10.04 LTS:\n  postfix                         2.7.0-1ubuntu0.1\n\nUbuntu 9.10:\n  postfix                         2.6.5-3ubuntu0.1\n\nUbuntu 8.04 LTS:\n  postfix                         2.5.1-2ubuntu1.3\n\nUbuntu 6.06 LTS:\n  postfix                         2.2.10-1ubuntu0.3\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  CVE-2009-2939, CVE-2011-0411\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1\n  https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1\n  https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1\n  https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3\n  https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3\n\n\n. \n\nCVE-2011-4130\n\tProFTPD uses a response pool after freeing it under\n\texceptional conditions, possibly leading to remote code\n\texecution. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201206-33\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Postfix: Multiple vulnerabilities\n     Date: June 25, 2012\n     Bugs: #358085, #366605\n       ID: 201206-33\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability has been found in Postfix, the worst of which possibly\nallowing remote code execution. \n\nBackground\n==========\n\nPostfix is Wietse Venema=E2=80=99s mailer that attempts to be fast, easy =\nto\nadminister, and secure, as an alternative to the widely-used Sendmail\nprogram. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  mail-mta/postfix             \u003c 2.7.4                    \u003e= 2.7.4\n\nDescription\n===========\n\nA vulnerability have been discovered in Postfix. Please review the CVE\nidentifier referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Postfix users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=mail-mta/postfix-2.7.4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-0411\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0411\n[ 2 ] CVE-2011-1720\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1720\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-33.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. This is a writeup about a flaw that I found recently, and that\nexisted in multiple implementations of SMTP (Simple Mail Transfer\nProtocol) over TLS (Transport Layer Security) including my Postfix\nopen source mailserver. I give an overview of the problem and its\nimpact, how to find out if a server is affected, fixes, and draw\nlessons about where we can expect similar problems.  A time line\nis at the end. \n\nFor further reading:\nhttp://www.kb.cert.org/vuls/id/555316 \nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411\nhttp://www.postfix.org/CVE-2011-0411.html (extended writeup)\n\n\tWietse\n\nProblem overview and impact\n===========================\n\nThe TLS protocol encrypts communication and protects it against\nmodification by other parties. This protection exists only if a)\nsoftware is free of flaws, and b) clients verify the server\u0027s TLS\ncertificate, so that there can be no \"man in the middle\" (servers\nusually don\u0027t verify client certificates). \n\nThe problem discussed in this writeup is caused by a software flaw. \n\nThe injected commands could be used to steal the victim\u0027s email or\nSASL (Simple Authentication and Security Layer) username and password. \n\nThis is not as big a problem as it may appear to be.  The reason\nis that many SMTP client applications don\u0027t verify server TLS\ncertificates.  These SMTP clients are always vulnerable to command\ninjection and other attacks. Their TLS sessions are only encrypted\nbut not protected. \n\nA similar plaintext injection flaw may exist in the way SMTP clients\nhandle SMTP-over-TLS server responses, but its impact is less\ninteresting than the server-side flaw. \n\nSMTP is not the only protocol with a mid-session switch from plaintext\nto TLS.  Other examples are POP3, IMAP, NNTP and FTP. Implementations\nof these protocols may be affected by the same flaw as discussed here. \n\nDemonstration\n=============\n\nThe problem is easy to demonstrate with a one-line change to the\nOpenSSL s_client command source code (I would prefer scripting, but\nhaving to install Perl CPAN modules and all their dependencies is\nmore work than downloading a .tar.gz file from openssl.org, adding\neight characters to one line, and doing \"./config; make\"). \n\nThe OpenSSL s_client command can make a connection to servers that\nsupport straight TLS, SMTP over TLS, or a handful other protocols\nover TLS. The demonstration with SMTP over TLS involves a one-line\nchange in the OpenSSL s_client source code (with OpenSSL 1.0.0, at\nline 1129 of file apps/s_client.c). \n\nOld:\t\tBIO_printf(sbio,\"STARTTLS\\r\\n\");\nNew:\t\tBIO_printf(sbio,\"STARTTLS\\r\\nRSET\\r\\n\");\n\nWith this change, the s_client command sends the plaintext STARTTLS\ncommand (\"let\u0027s turn on TLS\") immediately followed by an RSET command\n(a relatively harmless protocol \"reset\"). Both commands are sent\nas plaintext in the same TCP/IP packet, and arrive together at the\nserver. The \"\\r\\n\" are the carriage-return and newline characters;\nthese are necessary to terminate an SMTP command. \n\nWhen an SMTP server has the plaintext injection flaw, it reads the\nSTARTTLS command first, switches to SMTP-over-TLS mode, and only\nthen the server reads the RSET command.  Note, the RSET command was\ntransmitted during the plaintext SMTP phase when there is no\nprotection, but the server reads the command as if it was received\nover the TLS-protected channel. \n\nThus, when the SMTP server has the flaw, the s_client command output\nwill show two \"250\" SMTP server responses instead of one. The first\n\"250\" response is normal, and is present even when the server is\nnot flawed.  The second \"250\" response is for the RSET command, and\nindicates that the SMTP server has the plaintext injection flaw. \n\n $ apps/openssl s_client -quiet -starttls smtp -connect server:port\n [some server TLS certificate details omitted]\n 250 some text here \u003c=== Normal response, also with \"good\" server. \n 250 more text here \u003c=== RSET response, only with flawed server. \n\nAnatomy of the flaw: it\u0027s all about the plumbing\n================================================\n\nWhether a program may have the plaintext injection flaw depends on\nhow it adjusts the plumbing, as it inserts the TLS protocol layer\nin-between the SMTP protocol layer and the O/S TCP/IP protocol\nlayer. I illustrate this with examples from three open source MTAs:\nPostfix, Sendmail and Exim. The diagram below is best viewed with\na fixed-width font, for example, from the Courier family. \n\n    Postfix MTA         Sendmail MTA          Exim MTA\n    before/after        before/after        before/after\n   switch to TLS       switch to TLS       switch to TLS\n\n    SMTP    SMTP        SMTP    SMTP        SMTP    SMTP   \u003c= SMTP layer\n     ||      ||          ||      ||          ||      ||\n   stream  stream      stream  stream\u0027       ||      ||\n  buffers  buffers    buffers  buffers\u0027      rw     r\u0027w\u0027   \u003c= stream layer\n     rw     r\u0027w\u0027         rw     r\u0027w\u0027         ||      ||\n     ||      ||          ||      ||          ||      ||\n     ||     TLS          ||     TLS          ||     TLS    \u003c= TLS layer\n     ||      ||          ||      ||          ||      ||\n    O/S     O/S         O/S     O/S         O/S     O/S    \u003c= TCP/IP layer\n\nAs shown in the diagram, both Postfix and Sendmail use an application-\nlevel stream abstraction, where each stream has properties such as\nread/write buffers, read/write functions (indicated with rw), and\nother properties that are omitted for brevity. \n\nWhen Postfix switches to SMTP over TLS, it replaces the plaintext\nread/write functions (rw) with the TLS read/write functions (r\u0027w\u0027). \nPostfix does not modify any of the other stream properties including\nthe read/write buffers.  A patch for qmail that introduces TLS\nsupport uses the same approach.  This approach of replacing only\nthe stream read/write functions, but not the buffers or other stream\nproperties, can introduce the plaintext injection flaw. \n\nWhen Sendmail switches to SMTP over TLS, it replaces the entire\nstream, along with its read/write buffers and read/write functions. \nExim, on the other hand, does not seem to have a stream abstraction\nlike Postfix, Sendmail or qmail.  Instead of replacing streams or\nstream properties, Exim replaces plaintext read/write functions\nwith TLS read/write functions.  Because of their program structure,\nSendmail and Exim didn\u0027t suffer from the plaintext injection flaw. \n\nFixing the problem\n==================\n\nThere are two solutions to address the flaw, and both solutions can\nbe used together. \n\n- Report an error when unexpected plaintext is received after the\n  STARTTLS command.  As documented in RFC 3207, STARTTLS must be\n  the last command in a pipelined group. If plaintext commands are\n  received after STARTTLS, then that is a protocol violation.  \n\n  This measure can also be implemented outside the MTA, for example\n  in a protocol-aware firewall. \n\n- If a program uses the same input buffer before and after the\n  switch to TLS, it should discard the contents of the input buffer,\n  just like it discards SMTP protocol information that it received\n  during the plaintext protocol phase. \n\nConclusion\n==========\n\nThis plaintext injection problem is likely to recur when some\ndevelopment moves the plaintext-to-ciphertext switch outside the\napplication: for example, into the kernel, into the local hardware,\ninto a proxy, or into other infrastructure.  This encourages\napplications to use the same application-level streams and buffers\nand read/write functions before and after the switch to ciphertext. \nWhen this migration happens, plaintext injection becomes once more\na possibility. \n\nTime line\n=========\n\nJan 5 2011: While finishing Postfix for its annual release, I found\nand fixed this flaw in the SMTP server and client implementations,\nwhere it had been sitting ever since TLS support was adopted. \n\nJan 6-10 2011: As we investigated the scope of the problem, Victor\nDuchovni (co-developer) discovered that other implementations were\nalso affected including security providers and security appliances. \n\nJan 11 2011: Contact CERT/CC to help coordinate with the problem\u0027s\nresolution. \n\nMar 7 2011: Public announcement, and Postfix legacy release updates. \n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026amp;products_id=490\n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411\n http://www.postfix.org/CVE-2011-0411.html\n http://www.kb.cert.org/vuls/id/555316\n http://www.securityfocus.com/archive/1/516901/30/0/threaded\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n eb607fe6834ded296aec54851a3bd56c  2009.0/i586/libpostfix1-2.5.5-4.2mdv2009.0.i586.rpm\n 76a18eb7f7627ba5489137eb592d0c8b  2009.0/i586/postfix-2.5.5-4.2mdv2009.0.i586.rpm\n 61c70b9d189f68276601d724e8444d9f  2009.0/i586/postfix-ldap-2.5.5-4.2mdv2009.0.i586.rpm\n 24255918008338487798ea647860484e  2009.0/i586/postfix-mysql-2.5.5-4.2mdv2009.0.i586.rpm\n e4d4db07cb302b3072f78097f84e1b87  2009.0/i586/postfix-pcre-2.5.5-4.2mdv2009.0.i586.rpm\n ebd9879c9c773c3d57375809c696f517  2009.0/i586/postfix-pgsql-2.5.5-4.2mdv2009.0.i586.rpm \n b27d3f6b20b11f71fd54d0f50a8a4b47  2009.0/SRPMS/postfix-2.5.5-4.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 73053818f39aba0ee0bece7ab997b07c  2009.0/x86_64/lib64postfix1-2.5.5-4.2mdv2009.0.x86_64.rpm\n c0e3c04bfd70acc0ee09e7413b3a3400  2009.0/x86_64/postfix-2.5.5-4.2mdv2009.0.x86_64.rpm\n 435fe07232bf307882a1589bc1ccca22  2009.0/x86_64/postfix-ldap-2.5.5-4.2mdv2009.0.x86_64.rpm\n 4d1d018487d1c3328cd425d220136a6f  2009.0/x86_64/postfix-mysql-2.5.5-4.2mdv2009.0.x86_64.rpm\n e7bd9b102319bc1ed4cdda27edaf26e2  2009.0/x86_64/postfix-pcre-2.5.5-4.2mdv2009.0.x86_64.rpm\n 7051b04bff45730a0268c5b311361111  2009.0/x86_64/postfix-pgsql-2.5.5-4.2mdv2009.0.x86_64.rpm \n b27d3f6b20b11f71fd54d0f50a8a4b47  2009.0/SRPMS/postfix-2.5.5-4.2mdv2009.0.src.rpm\n\n Mandriva Linux 2010.0:\n f83a569908244de2e04f13c5e9cbc29a  2010.0/i586/libpostfix1-2.6.5-2.1mdv2010.0.i586.rpm\n b28f60198223458fe7a8b9c92d9901c1  2010.0/i586/postfix-2.6.5-2.1mdv2010.0.i586.rpm\n 1572c433ec62d49970a250050da98ed7  2010.0/i586/postfix-ldap-2.6.5-2.1mdv2010.0.i586.rpm\n 2aeb9f3d82b97e4314b3f8d6500a244a  2010.0/i586/postfix-mysql-2.6.5-2.1mdv2010.0.i586.rpm\n 2d93c886dda73832ee8b96961e0cc316  2010.0/i586/postfix-pcre-2.6.5-2.1mdv2010.0.i586.rpm\n 544853ecd21ca236324418232b59d206  2010.0/i586/postfix-pgsql-2.6.5-2.1mdv2010.0.i586.rpm \n e3748479ec6c93be12808e26e6b0fa55  2010.0/SRPMS/postfix-2.6.5-2.1mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 0282b58fb34ab310a8e66cda1792da37  2010.0/x86_64/lib64postfix1-2.6.5-2.1mdv2010.0.x86_64.rpm\n 644f3b20cfed1b5e57ef53a7ef94898a  2010.0/x86_64/postfix-2.6.5-2.1mdv2010.0.x86_64.rpm\n 16b27a49a3dcae6fa520c3cb24b2f69b  2010.0/x86_64/postfix-ldap-2.6.5-2.1mdv2010.0.x86_64.rpm\n 9e60217b6e8adc9a0e286df835f9d695  2010.0/x86_64/postfix-mysql-2.6.5-2.1mdv2010.0.x86_64.rpm\n 8594b10f400395fff17ffda26e9e3b3d  2010.0/x86_64/postfix-pcre-2.6.5-2.1mdv2010.0.x86_64.rpm\n e63fb8c5794ce971488898af1d537f36  2010.0/x86_64/postfix-pgsql-2.6.5-2.1mdv2010.0.x86_64.rpm \n e3748479ec6c93be12808e26e6b0fa55  2010.0/SRPMS/postfix-2.6.5-2.1mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n 19ee5b6c6a18c73ccf1d74e20f89759d  2010.1/i586/libpostfix1-2.7.0-4.1mdv2010.2.i586.rpm\n 7a468df2b451f6972c38faf1f60ad8af  2010.1/i586/postfix-2.7.0-4.1mdv2010.2.i586.rpm\n a814f84c61afd93f3416c69d993afd7a  2010.1/i586/postfix-cdb-2.7.0-4.1mdv2010.2.i586.rpm\n f6f7f9492ab304d28f8aa4bfc653ca1e  2010.1/i586/postfix-ldap-2.7.0-4.1mdv2010.2.i586.rpm\n 8013bafd20881dd85b3be95529be848d  2010.1/i586/postfix-mysql-2.7.0-4.1mdv2010.2.i586.rpm\n 145c8551dc1c51b071d1f3f992f8e638  2010.1/i586/postfix-pcre-2.7.0-4.1mdv2010.2.i586.rpm\n 8f0d058eda66267085cbe5a7f5133b60  2010.1/i586/postfix-pgsql-2.7.0-4.1mdv2010.2.i586.rpm \n c90d8220b74b39ce44a4b9dfe8876783  2010.1/SRPMS/postfix-2.7.0-4.1mdv2010.2.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n 0a9207a9e00cce2e656ff248513d5bc3  2010.1/x86_64/lib64postfix1-2.7.0-4.1mdv2010.2.x86_64.rpm\n 3e2cc9ea2bf3d6979d5c6a5b3ec9b54a  2010.1/x86_64/postfix-2.7.0-4.1mdv2010.2.x86_64.rpm\n c8c5efad63b597b3d3a0aec3c5027ffa  2010.1/x86_64/postfix-cdb-2.7.0-4.1mdv2010.2.x86_64.rpm\n 71d9a4095514c72494c4f02d2696b619  2010.1/x86_64/postfix-ldap-2.7.0-4.1mdv2010.2.x86_64.rpm\n 8865fea8796435b2d715bf0d89c4530f  2010.1/x86_64/postfix-mysql-2.7.0-4.1mdv2010.2.x86_64.rpm\n 784960a49889f3fce8a308842321d8e8  2010.1/x86_64/postfix-pcre-2.7.0-4.1mdv2010.2.x86_64.rpm\n dc50ccda7bfb1a1f7f673bc251f14683  2010.1/x86_64/postfix-pgsql-2.7.0-4.1mdv2010.2.x86_64.rpm \n c90d8220b74b39ce44a4b9dfe8876783  2010.1/SRPMS/postfix-2.7.0-4.1mdv2010.2.src.rpm\n\n Corporate 4.0:\n 6b7d62433679d20ae3b5cdf2668019e7  corporate/4.0/i586/libpostfix1-2.3.5-0.4.20060mlcs4.i586.rpm\n c5d4cbc67d00e0ea8b32c6598d6d65f0  corporate/4.0/i586/postfix-2.3.5-0.4.20060mlcs4.i586.rpm\n 287daadea040f15c1e25a6de77a438b2  corporate/4.0/i586/postfix-ldap-2.3.5-0.4.20060mlcs4.i586.rpm\n aac87a567ae68c48d4e8226429b35697  corporate/4.0/i586/postfix-mysql-2.3.5-0.4.20060mlcs4.i586.rpm\n c331a8061b0c5a6639c633d608e37871  corporate/4.0/i586/postfix-pcre-2.3.5-0.4.20060mlcs4.i586.rpm\n 25ce650233120a54e830c120f773f715  corporate/4.0/i586/postfix-pgsql-2.3.5-0.4.20060mlcs4.i586.rpm \n f2f060fddbb666572eca06ae47e36a3a  corporate/4.0/SRPMS/postfix-2.3.5-0.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 45b683c80b3006c3df5144bfe0fede86  corporate/4.0/x86_64/lib64postfix1-2.3.5-0.4.20060mlcs4.x86_64.rpm\n fc82cfcdbf89c059b6850edfa049128f  corporate/4.0/x86_64/postfix-2.3.5-0.4.20060mlcs4.x86_64.rpm\n 7057754d88c8146d235d3ab96fd64d2f  corporate/4.0/x86_64/postfix-ldap-2.3.5-0.4.20060mlcs4.x86_64.rpm\n 872c28155eb6276ba0fd1001387ffac7  corporate/4.0/x86_64/postfix-mysql-2.3.5-0.4.20060mlcs4.x86_64.rpm\n 644747748d18077fc63aa740c2947768  corporate/4.0/x86_64/postfix-pcre-2.3.5-0.4.20060mlcs4.x86_64.rpm\n 19b2a209beade7e6e25de6d0f3cb4b6d  corporate/4.0/x86_64/postfix-pgsql-2.3.5-0.4.20060mlcs4.x86_64.rpm \n f2f060fddbb666572eca06ae47e36a3a  corporate/4.0/SRPMS/postfix-2.3.5-0.4.20060mlcs4.src.rpm\n\n Mandriva Enterprise Server 5:\n 9c50578bd954be2ea42e6f3f3131cc9c  mes5/i586/libpostfix1-2.5.5-4.2mdvmes5.2.i586.rpm\n bca22f9be6e6bef4e02f2ffb4623d2e3  mes5/i586/postfix-2.5.5-4.2mdvmes5.2.i586.rpm\n 45cfa7336d29cddca1ac07270d2b8287  mes5/i586/postfix-ldap-2.5.5-4.2mdvmes5.2.i586.rpm\n 87d4b942fefedc239a213b3ce5715cf0  mes5/i586/postfix-mysql-2.5.5-4.2mdvmes5.2.i586.rpm\n b3caf9572b69e757b9697139bb0ed5d8  mes5/i586/postfix-pcre-2.5.5-4.2mdvmes5.2.i586.rpm\n bde845f9957e2ead0e398c5bebef6f79  mes5/i586/postfix-pgsql-2.5.5-4.2mdvmes5.2.i586.rpm \n 8ad3739bcdf5297b2dddfb4e289049d9  mes5/SRPMS/postfix-2.5.5-4.2mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n d920df80c9fdbcb64a9c50d265acd7e8  mes5/x86_64/lib64postfix1-2.5.5-4.2mdvmes5.2.x86_64.rpm\n 1d09a25b69b76b2c013bac182c0e456d  mes5/x86_64/postfix-2.5.5-4.2mdvmes5.2.x86_64.rpm\n 0afe348155bee4af965ec616d86a9219  mes5/x86_64/postfix-ldap-2.5.5-4.2mdvmes5.2.x86_64.rpm\n db4e476a96f489d957610fb1ff7c6f9e  mes5/x86_64/postfix-mysql-2.5.5-4.2mdvmes5.2.x86_64.rpm\n 6ce0428271de05b3bb2d2e430c3281a3  mes5/x86_64/postfix-pcre-2.5.5-4.2mdvmes5.2.x86_64.rpm\n 32468daeee58b727ce1c85adcc2b364c  mes5/x86_64/postfix-pgsql-2.5.5-4.2mdvmes5.2.x86_64.rpm \n 8ad3739bcdf5297b2dddfb4e289049d9  mes5/SRPMS/postfix-2.5.5-4.2mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you.  The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2009-2939\n        The postinst script grants the postfix user write access to\n        /var/spool/postfix/pid, which might allow local users to\n        conduct symlink attacks that overwrite arbitrary files. \n\nCVE-2011-1720\n        A heap-based read-only buffer overflow allows malicious\n        clients to crash the smtpd server process using a crafted SASL\n        authentication request. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.5.5-1.1+lenny1. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.1-1+squeeze1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.8.0-1. \n\nWe recommend that you upgrade your postfix packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niQEcBAEBAgAGBQJNyXybAAoJEL97/wQC1SS+xb0H/igqYhOTtvO91deptOPyednw\n5sBQPXGoo+RXeomLsJk8P6ezm7fEGTSl7GUEpNwS1qsqAPVnl9XAK6dOGFae1PbG\n2L93eR6AKgKo60tp2On1Tf1c0HcD6yKiZ6J7C7nZ3E8+yZwSd1k6826ZUQ3gzKKW\nDTIu6w2CzzleK/bppWfhAvwvobHD6X1B16qklZfqw6H0C/QfMjM8ZXLCRv9Tq1TN\njX1W4qeed7pr8r3pTJ9npzae7drqFLoVDi0tpGKi0UHEwgRma1AbDaI2BVmeblue\nYNRHg7H+TqfrUwN8iB64WrYvqnHCQfvViL8f0ML2uJXJf/lHby+vxPl6EGxAIoY=\n=yCCp\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-0411"
          },
          {
            "db": "CERT/CC",
            "id": "VU#555316"
          },
          {
            "db": "BID",
            "id": "46767"
          },
          {
            "db": "VULHUB",
            "id": "VHN-48356"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-0411"
          },
          {
            "db": "PACKETSTORM",
            "id": "100558"
          },
          {
            "db": "PACKETSTORM",
            "id": "107027"
          },
          {
            "db": "PACKETSTORM",
            "id": "99457"
          },
          {
            "db": "PACKETSTORM",
            "id": "114177"
          },
          {
            "db": "PACKETSTORM",
            "id": "99053"
          },
          {
            "db": "PACKETSTORM",
            "id": "99392"
          },
          {
            "db": "PACKETSTORM",
            "id": "101275"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#555316",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2011-0411",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "46767",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "43646",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "43874",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2011-0891",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2011-0752",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2011-0611",
            "trust": 1.8
          },
          {
            "db": "OSVDB",
            "id": "71021",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1025179",
            "trust": 1.8
          },
          {
            "db": "JUNIPER",
            "id": "JSA10705",
            "trust": 1.8
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2021/08/10/2",
            "trust": 1.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201103-213",
            "trust": 0.7
          },
          {
            "db": "PACKETSTORM",
            "id": "99457",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "114177",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "99392",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "107027",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "99053",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-48356",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-0411",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "100558",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "101275",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555316"
          },
          {
            "db": "VULHUB",
            "id": "VHN-48356"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-0411"
          },
          {
            "db": "BID",
            "id": "46767"
          },
          {
            "db": "PACKETSTORM",
            "id": "100558"
          },
          {
            "db": "PACKETSTORM",
            "id": "107027"
          },
          {
            "db": "PACKETSTORM",
            "id": "99457"
          },
          {
            "db": "PACKETSTORM",
            "id": "114177"
          },
          {
            "db": "PACKETSTORM",
            "id": "99053"
          },
          {
            "db": "PACKETSTORM",
            "id": "99392"
          },
          {
            "db": "PACKETSTORM",
            "id": "101275"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201103-213"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-0411"
          }
        ]
      },
      "id": "VAR-201103-0114",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-48356"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-04-10T23:24:36.765000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Postfix STARTTLS Achieve repair measures for plaintext command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159437"
          },
          {
            "title": "Debian CVElist Bug Report Logs: postfix STARTTLS affected by CVE-2011-0411",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=74282b8fe400ed6ddbb6171a1052e2fd"
          },
          {
            "title": "Debian CVElist Bug Report Logs: [CVE-2011-4130] Use-after-free issue",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=f7453f9ff437afb706c192fb10d67eb2"
          },
          {
            "title": "Debian CVElist Bug Report Logs: inn: CVE-2012-3523 prone to STARTTLS plaintext command injection",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a774850c70017348487727b907fda84b"
          },
          {
            "title": "Debian CVElist Bug Report Logs: courier: CVE-2021-38084",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9dc8ffd76b724b58108eb46bc913121c"
          },
          {
            "title": "Debian CVElist Bug Report Logs: STARTTLS plaintext command injection",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b03b4eab65949f1c915b1538f80e6a4b"
          },
          {
            "title": "Ubuntu Security Notice: postfix vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1113-1"
          },
          {
            "title": "Debian Security Advisories: DSA-2346-2 proftpd-dfsg -- several vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a1db5959643fcc6f1957a67359aa92ed"
          },
          {
            "title": "Debian Security Advisories: DSA-2233-1 postfix -- several vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=96aadd3bb66ec0adb18615b395c09544"
          },
          {
            "title": "Vision",
            "trust": 0.1,
            "url": "https://github.com/CoolerVoid/Vision "
          },
          {
            "title": "Vision2",
            "trust": 0.1,
            "url": "https://github.com/CoolerVoid/Vision2 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2011-0411"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201103-213"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-48356"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-0411"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.kb.cert.org/vuls/id/555316"
          },
          {
            "trust": 2.4,
            "url": "http://www.postfix.org/cve-2011-0411.html"
          },
          {
            "trust": 2.1,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
          },
          {
            "trust": 1.9,
            "url": "http://security.gentoo.org/glsa/glsa-201206-33.xml"
          },
          {
            "trust": 1.8,
            "url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00003.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/46767"
          },
          {
            "trust": 1.8,
            "url": "http://support.apple.com/kb/ht5002"
          },
          {
            "trust": 1.8,
            "url": "http://www.kb.cert.org/vuls/id/moro-8elh6z"
          },
          {
            "trust": 1.8,
            "url": "http://www.debian.org/security/2011/dsa-2233"
          },
          {
            "trust": 1.8,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-march/056560.html"
          },
          {
            "trust": 1.8,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-march/056559.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.osvdb.org/71021"
          },
          {
            "trust": 1.8,
            "url": "http://www.redhat.com/support/errata/rhsa-2011-0422.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.redhat.com/support/errata/rhsa-2011-0423.html"
          },
          {
            "trust": 1.8,
            "url": "http://securitytracker.com/id?1025179"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/43646"
          },
          {
            "trust": 1.8,
            "url": "http://secunia.com/advisories/43874"
          },
          {
            "trust": 1.8,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
          },
          {
            "trust": 1.8,
            "url": "http://www.vupen.com/english/advisories/2011/0611"
          },
          {
            "trust": 1.8,
            "url": "http://www.vupen.com/english/advisories/2011/0752"
          },
          {
            "trust": 1.8,
            "url": "http://www.vupen.com/english/advisories/2011/0891"
          },
          {
            "trust": 1.8,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"
          },
          {
            "trust": 1.7,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10705"
          },
          {
            "trust": 1.1,
            "url": "http://www.openwall.com/lists/oss-security/2021/08/10/2"
          },
          {
            "trust": 0.8,
            "url": "http://tools.ietf.org/html/rfc2595"
          },
          {
            "trust": 0.8,
            "url": "http://tools.ietf.org/html/rfc3207"
          },
          {
            "trust": 0.8,
            "url": "http://tools.ietf.org/html/rfc4642"
          },
          {
            "trust": 0.8,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=674814"
          },
          {
            "trust": 0.8,
            "url": "http://www.watchguard.com/archive/softwarecenter.asp"
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0411"
          },
          {
            "trust": 0.3,
            "url": "http://kolab.org/pipermail/kolab-announce/2011/000101.html"
          },
          {
            "trust": 0.3,
            "url": "http://bugzilla.cyrusimap.org/show_bug.cgi?id=3424"
          },
          {
            "trust": 0.3,
            "url": "http://cyrusimap.org/mediawiki/index.php/bugs_resolved_in_2.4.7"
          },
          {
            "trust": 0.3,
            "url": "https://www.isc.org/software/inn/2.5.3article"
          },
          {
            "trust": 0.3,
            "url": "http://www.kb.cert.org/vuls/id/mapg-8d9m4p"
          },
          {
            "trust": 0.3,
            "url": "http://files.kolab.org/server/release/kolab-server-2.3.2/sources/release-notes.txt"
          },
          {
            "trust": 0.3,
            "url": "http://www.pureftpd.org/project/pure-ftpd/news"
          },
          {
            "trust": 0.3,
            "url": "http://www.watchguard.com/support/release-notes/xcs/9/en-us/en_releasenotes_xcs_9_1_1/en_releasenotes_wg_xcs_9_1_tls_hotfix.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://www.spamdyke.org/documentation/changelog.txt"
          },
          {
            "trust": 0.3,
            "url": "http://datatracker.ietf.org/doc/draft-josefsson-kerberos5-starttls/?include_text=1"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/516901"
          },
          {
            "trust": 0.3,
            "url": "http://support.avaya.com/css/p8/documents/100134676"
          },
          {
            "trust": 0.3,
            "url": "http://support.avaya.com/css/p8/documents/100141041"
          },
          {
            "trust": 0.3,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850478"
          },
          {
            "trust": 0.3,
            "url": "http://inoa.net/qmail-tls/vu555316.patch"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2939"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.2,
            "url": "http://www.debian.org/security/faq"
          },
          {
            "trust": 0.2,
            "url": "http://www.debian.org/security/"
          },
          {
            "trust": 0.2,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.2,
            "url": "http://store.mandriva.com/product_info.php?cpath=149\u0026amp;products_id=490"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1720"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0411"
          },
          {
            "trust": 0.1,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10705"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/264.html"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617849"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=22617"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/1113-1/"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/postfix/2.6.5-3ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/postfix/2.2.10-1ubuntu0.3"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/postfix/2.7.0-1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/postfix/2.7.1-1ubuntu0.1"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/postfix/2.5.1-2ubuntu1.3"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4130"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1720"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0411"
          },
          {
            "trust": 0.1,
            "url": "http://www.securityfocus.com/archive/1/516901/30/0/threaded"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555316"
          },
          {
            "db": "VULHUB",
            "id": "VHN-48356"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-0411"
          },
          {
            "db": "BID",
            "id": "46767"
          },
          {
            "db": "PACKETSTORM",
            "id": "100558"
          },
          {
            "db": "PACKETSTORM",
            "id": "107027"
          },
          {
            "db": "PACKETSTORM",
            "id": "99457"
          },
          {
            "db": "PACKETSTORM",
            "id": "114177"
          },
          {
            "db": "PACKETSTORM",
            "id": "99053"
          },
          {
            "db": "PACKETSTORM",
            "id": "99392"
          },
          {
            "db": "PACKETSTORM",
            "id": "101275"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201103-213"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-0411"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#555316",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-48356",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-0411",
            "ident": null
          },
          {
            "db": "BID",
            "id": "46767",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "100558",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "107027",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "99457",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "114177",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "99053",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "99392",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "101275",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201103-213",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2011-0411",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-03-07T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555316",
            "ident": null
          },
          {
            "date": "2011-03-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-48356",
            "ident": null
          },
          {
            "date": "2011-03-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2011-0411",
            "ident": null
          },
          {
            "date": "2011-03-07T00:00:00",
            "db": "BID",
            "id": "46767",
            "ident": null
          },
          {
            "date": "2011-04-18T22:40:46",
            "db": "PACKETSTORM",
            "id": "100558",
            "ident": null
          },
          {
            "date": "2011-11-16T04:40:08",
            "db": "PACKETSTORM",
            "id": "107027",
            "ident": null
          },
          {
            "date": "2011-03-18T21:45:06",
            "db": "PACKETSTORM",
            "id": "99457",
            "ident": null
          },
          {
            "date": "2012-06-25T22:58:41",
            "db": "PACKETSTORM",
            "id": "114177",
            "ident": null
          },
          {
            "date": "2011-03-07T19:44:44",
            "db": "PACKETSTORM",
            "id": "99053",
            "ident": null
          },
          {
            "date": "2011-03-16T21:26:42",
            "db": "PACKETSTORM",
            "id": "99392",
            "ident": null
          },
          {
            "date": "2011-05-10T18:42:48",
            "db": "PACKETSTORM",
            "id": "101275",
            "ident": null
          },
          {
            "date": "2011-03-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201103-213",
            "ident": null
          },
          {
            "date": "2011-03-16T22:55:02.717000",
            "db": "NVD",
            "id": "CVE-2011-0411",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-09-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#555316",
            "ident": null
          },
          {
            "date": "2017-08-17T00:00:00",
            "db": "VULHUB",
            "id": "VHN-48356",
            "ident": null
          },
          {
            "date": "2021-08-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2011-0411",
            "ident": null
          },
          {
            "date": "2015-04-13T21:35:00",
            "db": "BID",
            "id": "46767",
            "ident": null
          },
          {
            "date": "2021-08-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201103-213",
            "ident": null
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2011-0411",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "107027"
          },
          {
            "db": "PACKETSTORM",
            "id": "114177"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201103-213"
          }
        ],
        "trust": 0.8
      },
      "title": {
        "_id": null,
        "data": "STARTTLS plaintext command injection vulnerability",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#555316"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201103-213"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200609-1586

    Vulnerability from variot - Updated: 2026-04-10 22:44

    OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. Some applications that perform X.509 certificate verification may be vulnerable to signature processing problems that lead to resource exhaustion. This vulnerability may cause a denial of service. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. Certain types of public key can take disproportionate amounts of time to process.

    Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

    Acknowledgements

    The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

    SSLv2 Client Crash (CVE-2006-4343)

    Vulnerability

    A flaw in the SSLv2 client code was discovered.

    Recommendations

    These vulnerabilities are resolved in the following versions of OpenSSL:

    • in the 0.9.7 branch, version 0.9.7l (or later);
    • in the 0.9.8 branch, version 0.9.8d (or later).

    OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

    o https://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/
    

    The distribution file names are:

    o openssl-0.9.8d.tar.gz
      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
    
    o openssl-0.9.7l.tar.gz
      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
    

    The checksums were calculated using the following commands:

    openssl md5 openssl-0.9*.tar.gz
    openssl sha1 openssl-0.9*.tar.gz
    

    After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files. OpenSSL library vulnerabilities:
    
    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
    allows remote attackers to cause a denial of service (infinite
    loop and memory consumption) via malformed ASN.1 structures that
    trigger an improperly handled error condition.
    
    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1.
    
    (CVE-2006-4343) The get_server_hello function in the SSLv2 client
    code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and
    earlier versions allows remote servers to cause a denial of service
    (client crash) via unknown vectors that trigger a null pointer
    dereference. Updated OpenSSH package addresses the following possible security issues:
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems
    
    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).
    
    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.
    
    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.
    
    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
    SSH protocol, allows remote attackers to cause a denial of service
    (CPU consumption) via an SSH packet that contains duplicate blocks,
    which is not properly handled by the CRC compensation attack
    detector.
    
    NOTE: ESX by default disables version 1 SSH protocol.
    
    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
    allows remote attackers to cause a denial of service (crash), and
    possibly execute arbitrary code if GSSAPI authentication is enabled,
    via unspecified vectors that lead to a double-free.
    
    NOTE: ESX doesn't use GSSAPI by default.
    
    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.
    
    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
    

    files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.
    
    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem
    
    A possible security issue with how the Python function repr()
    function handles UTF-32/UCS-4 strings.
    

    ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

    ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

    ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

    ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

    ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

    ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

    1. References:

    ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

    ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

    ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

    ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

    ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

    ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

    1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ~ VMware Security Advisory

    Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340


    1. Relevant releases:

    ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

    1. Problem description:

    ~ a. Host to guest shared folder (HGFS) traversal vulnerability

    ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

    NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

    ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ b. Insecure named pipes

    ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

    ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

    ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

    ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ d. Updated OpenSSL library to address various security vulnerabilities

    ~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ e. VIX API default setting changed to a more secure default value

    ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

    ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

    ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

    ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

    ~ g.

    ~ VMware would like to thank Martin O'Neal for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

    ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

    ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

    ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

    ~ VMware would like to thank Sun Bing for reporting the issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

    ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

    ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface.

    ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    1. Solution:

    Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

    ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

    ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

    ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

    ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

    ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

    1. References:

    ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340


    1. Contact:

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

    E-mail: security@vmware.com

    Security web site http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2008 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00967144 Version: 1

    HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    References: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) VU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND)

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

    BACKGROUND

    RESOLUTION

    HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

    The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

    HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

    HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

    HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

    HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

    HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

    HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

    Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

    PRODUCT SPECIFIC INFORMATION

    The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

    Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

    Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

    The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.

    HISTORY Version:1 (rev.1) - 12 April 2007 Initial release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. rPath Security Advisory: 2006-0175-1 Published: 2006-09-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.


    Full-Disclosure - We believe in it.


    References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline


    Gentoo Linux Security Advisory GLSA 200610-11


                                            http://security.gentoo.org/
    

    Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11


    Synopsis

    OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

    Background

    OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

    Workaround

    There is no known workaround at this time.

    Resolution

    All OpenSSL 0.9.8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
    

    All OpenSSL 0.9.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
    

    References

    [ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200610-11.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

    License

    Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

    Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

    Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

    Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

    Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 4.0,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "openpkg",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "red hat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "suse linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "rpath",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "apple computer",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "gnutls",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "mandriva",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "vmware",
            "version": null
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.1c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.3a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.5a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.2b"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6l"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6k"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6i"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6b"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6m"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6g"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6e"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6f"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6d"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6h"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6j"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openbsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "_id": null,
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "_id": null,
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "_id": null,
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/32"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "_id": null,
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "_id": null,
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "_id": null,
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "_id": null,
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "_id": null,
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "secure access control server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "_id": null,
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "_id": null,
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "bind a5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "_id": null,
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/3"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/2"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "_id": null,
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "_id": null,
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "_id": null,
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "_id": null,
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "_id": null,
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "_id": null,
            "model": "karagulle cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.9"
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "_id": null,
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "_id": null,
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "_id": null,
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "_id": null,
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "_id": null,
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "_id": null,
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "karagulle cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.10"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "_id": null,
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "_id": null,
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "bind a4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "_id": null,
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "_id": null,
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.0"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "_id": null,
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/31"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "_id": null,
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "_id": null,
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "_id": null,
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "_id": null,
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "_id": null,
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "_id": null,
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "_id": null,
            "model": "operating system enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "_id": null,
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "_id": null,
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.2"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "igateway vpn/ssl-vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intoto",
            "version": "0"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "_id": null,
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "_id": null,
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "_id": null,
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.2"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "_id": null,
            "model": "amc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/6"
          },
          {
            "_id": null,
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "_id": null,
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "_id": null,
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "_id": null,
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "_id": null,
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "_id": null,
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "_id": null,
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "_id": null,
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "amc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/5"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "_id": null,
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "reflection for secure it sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "_id": null,
            "model": "bind a3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "reflection for secure it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "_id": null,
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.1"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "_id": null,
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "_id": null,
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "_id": null,
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "_id": null,
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "_id": null,
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "bind b3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "_id": null,
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "_id": null,
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "_id": null,
            "model": "red hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "_id": null,
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "_id": null,
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "_id": null,
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "ons",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.5"
          },
          {
            "_id": null,
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.2"
          },
          {
            "_id": null,
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "_id": null,
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "_id": null,
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "_id": null,
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "_id": null,
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "_id": null,
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/2"
          },
          {
            "_id": null,
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "_id": null,
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.1"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "_id": null,
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/4"
          },
          {
            "_id": null,
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "_id": null,
            "model": "bind b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.4"
          },
          {
            "_id": null,
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "_id": null,
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/5"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "_id": null,
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "_id": null,
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "bind b2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "_id": null,
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "_id": null,
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "_id": null,
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "_id": null,
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "_id": null,
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "_id": null,
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "_id": null,
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "_id": null,
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "_id": null,
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "_id": null,
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "_id": null,
            "model": "bind a6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "_id": null,
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "_id": null,
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "_id": null,
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "_id": null,
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "_id": null,
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "_id": null,
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "_id": null,
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "_id": null,
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "_id": null,
            "model": "intrusion detection system 4.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "_id": null,
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "_id": null,
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "_id": null,
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "_id": null,
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "_id": null,
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "_id": null,
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "_id": null,
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "_id": null,
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "ssl360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/3"
          },
          {
            "_id": null,
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.48"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.47"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.22"
          },
          {
            "_id": null,
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "_id": null,
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7"
          },
          {
            "_id": null,
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6"
          },
          {
            "_id": null,
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "_id": null,
            "model": "oracle9i standard edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "_id": null,
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "_id": null,
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "_id": null,
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "_id": null,
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7"
          },
          {
            "_id": null,
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6"
          },
          {
            "_id": null,
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "_id": null,
            "model": "oracle9i personal edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "_id": null,
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "_id": null,
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "_id": null,
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8.0"
          },
          {
            "_id": null,
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7.0"
          },
          {
            "_id": null,
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6.0"
          },
          {
            "_id": null,
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "_id": null,
            "model": "oracle9i enterprise edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "_id": null,
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "_id": null,
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "_id": null,
            "model": "oracle8i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7.4"
          },
          {
            "_id": null,
            "model": "oracle8i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7.4.0"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4.2"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.5"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "_id": null,
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "_id": null,
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "_id": null,
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "_id": null,
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "_id": null,
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "_id": null,
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "_id": null,
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "_id": null,
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "_id": null,
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "_id": null,
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.4.0"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.0.0"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.2.0"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.1.0"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.2"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.1"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.2"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.1"
          },
          {
            "_id": null,
            "model": "identity management 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4.0.1"
          },
          {
            "_id": null,
            "model": "9i application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0.2.2"
          },
          {
            "_id": null,
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.5"
          },
          {
            "_id": null,
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4"
          },
          {
            "_id": null,
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3"
          },
          {
            "_id": null,
            "model": "e-business suite 11i cu2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.10"
          },
          {
            "_id": null,
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.10"
          },
          {
            "_id": null,
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.9"
          },
          {
            "_id": null,
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.8"
          },
          {
            "_id": null,
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.7"
          },
          {
            "_id": null,
            "model": "e-business suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "developer suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.2"
          },
          {
            "_id": null,
            "model": "developer suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.3"
          },
          {
            "_id": null,
            "model": "developer suite 6i",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.2"
          },
          {
            "_id": null,
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.1"
          },
          {
            "_id": null,
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.0"
          },
          {
            "_id": null,
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "29.0.2.3"
          },
          {
            "_id": null,
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.3"
          },
          {
            "_id": null,
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.2"
          },
          {
            "_id": null,
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.1"
          },
          {
            "_id": null,
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4"
          },
          {
            "_id": null,
            "model": "oracle for openview for linux ltu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.1.7"
          },
          {
            "_id": null,
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.11"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.10"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.11"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.10"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-2940",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-2940",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-2940",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#423396",
                "trust": 0.8,
                "value": "7.92"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#221788",
                "trust": 0.8,
                "value": "4.20"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-533",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification. Some applications that perform X.509 certificate verification may be vulnerable to signature processing problems that lead to resource exhaustion.  This vulnerability may cause a denial of service. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. \n\n    (CVE-2006-4343) The get_server_hello function in the SSLv2 client\n    code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and\n    earlier versions allows remote servers to cause a denial of service\n    (client crash) via unknown vectors that trigger a null pointer\n    dereference. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4\n    allows remote attackers to cause a denial of service (crash), and\n    possibly execute arbitrary code if GSSAPI authentication is enabled,\n    via unspecified vectors that lead to a double-free. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00967144\nVersion: 1\n\nHPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nReferences: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) \nVU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND) \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. \n\nHISTORY \nVersion:1 (rev.1) - 12 April 2007 Initial release \n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. rPath Security Advisory: 2006-0175-1\nPublished: 2006-09-28\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          },
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          }
        ],
        "trust": 5.76
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "BID",
            "id": "22083",
            "trust": 4.5
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940",
            "trust": 3.8
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23351",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "20247",
            "trust": 1.3
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788",
            "trust": 1.1
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4019",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4327",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-2396",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4329",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4980",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31531",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22671",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26893",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29261",
            "trust": 1.0
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.0
          },
          {
            "db": "CERT/CC",
            "id": "VU#423396",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "169663",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "56053",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "51324",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "id": "VAR-200609-1586",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.251886895
      },
      "last_update_date": "2026-04-10T22:44:19.599000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 4.2,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 3.6,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.6,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 1.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.1,
            "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.1,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "https://issues.rpath.com/browse/rpl-1633"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/20247"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 1.0,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10311"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26893"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29261"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-2531"
          },
          {
            "trust": 0.8,
            "url": "http://www.hornik.sk/sa/sa-20040802.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.gnu.org/software/gnutls/"
          },
          {
            "trust": 0.8,
            "url": "http://www.securitytracker.com/alerts/2004/aug/1010838.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.niscc.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23351/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.6,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.5,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.5,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
          },
          {
            "trust": 0.3,
            "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
          },
          {
            "trust": 0.3,
            "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/index.html"
          },
          {
            "trust": 0.3,
            "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
          },
          {
            "trust": 0.3,
            "url": "http://www.kb.cert.org/vuls/id/221788"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/457193"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/464470"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458657"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458036"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458006"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458037"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458005"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458041"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458038"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458475"
          },
          {
            "trust": 0.3,
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.2,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.2,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.2,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/mirror.html):"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/9986131"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/3069097"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ace/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/ws5.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/fusion/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
          },
          {
            "trust": 0.1,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.1,
            "url": "http://h30097.www3.hp.com/cma/patches.html"
          },
          {
            "trust": 0.1,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://pgp.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#423396",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "ident": null
          },
          {
            "db": "BID",
            "id": "20247",
            "ident": null
          },
          {
            "db": "BID",
            "id": "22083",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169663",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "56053",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "51324",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#423396",
            "ident": null
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964",
            "ident": null
          },
          {
            "date": "2007-01-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#221788",
            "ident": null
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620",
            "ident": null
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300",
            "ident": null
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20247",
            "ident": null
          },
          {
            "date": "2007-01-16T00:00:00",
            "db": "BID",
            "id": "22083",
            "ident": null
          },
          {
            "date": "2006-09-28T12:12:12",
            "db": "PACKETSTORM",
            "id": "169663",
            "ident": null
          },
          {
            "date": "2007-01-13T22:56:30",
            "db": "PACKETSTORM",
            "id": "53566",
            "ident": null
          },
          {
            "date": "2008-03-19T02:18:56",
            "db": "PACKETSTORM",
            "id": "64684",
            "ident": null
          },
          {
            "date": "2007-04-19T00:58:08",
            "db": "PACKETSTORM",
            "id": "56053",
            "ident": null
          },
          {
            "date": "2006-10-04T00:44:50",
            "db": "PACKETSTORM",
            "id": "50535",
            "ident": null
          },
          {
            "date": "2006-10-04T01:20:54",
            "db": "PACKETSTORM",
            "id": "50560",
            "ident": null
          },
          {
            "date": "2006-10-25T21:37:36",
            "db": "PACKETSTORM",
            "id": "51324",
            "ident": null
          },
          {
            "date": "2006-10-04T00:46:38",
            "db": "PACKETSTORM",
            "id": "50548",
            "ident": null
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-533",
            "ident": null
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-2940",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2007-02-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#423396",
            "ident": null
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964",
            "ident": null
          },
          {
            "date": "2007-01-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#221788",
            "ident": null
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620",
            "ident": null
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300",
            "ident": null
          },
          {
            "date": "2011-05-09T19:53:00",
            "db": "BID",
            "id": "20247",
            "ident": null
          },
          {
            "date": "2008-05-20T23:05:00",
            "db": "BID",
            "id": "22083",
            "ident": null
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-533",
            "ident": null
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-2940",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          }
        ],
        "trust": 0.8
      },
      "title": {
        "_id": null,
        "data": "X.509 certificate verification may be vulnerable to resource exhaustion",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200110-0206

    Vulnerability from variot - Updated: 2026-03-09 23:10

    The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. OpenSSL is prone to a denial-of-service vulnerability. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

    1. Certain types of public key can take disproportionate amounts of time to process.

    Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

    Acknowledgements

    The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

    SSLv2 Client Crash (CVE-2006-4343)

    Vulnerability

    A flaw in the SSLv2 client code was discovered.

    Recommendations

    These vulnerabilities are resolved in the following versions of OpenSSL:

    • in the 0.9.7 branch, version 0.9.7l (or later);
    • in the 0.9.8 branch, version 0.9.8d (or later).

    OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

    o https://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/
    

    The distribution file names are:

    o openssl-0.9.8d.tar.gz
      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
    
    o openssl-0.9.7l.tar.gz
      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
    

    The checksums were calculated using the following commands:

    openssl md5 openssl-0.9*.tar.gz
    openssl sha1 openssl-0.9*.tar.gz
    

    After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it.

    Update:

    There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files. OpenSSL library vulnerabilities:
    
    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
    allows remote attackers to cause a denial of service (infinite
    loop and memory consumption) via malformed ASN.1 structures that
    trigger an improperly handled error condition.
    
    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
    and earlier versions allows attackers to cause a denial of service
    (CPU consumption) via parasitic public keys with large (1) "public
    exponent" or (2) "public modulus" values in X.509 certificates that
    require extra time to process when using RSA signature verification.
    
    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems
    
    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).
    
    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.
    
    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.
    
    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
    SSH protocol, allows remote attackers to cause a denial of service
    (CPU consumption) via an SSH packet that contains duplicate blocks,
    which is not properly handled by the CRC compensation attack
    detector.
    
    NOTE: ESX by default disables version 1 SSH protocol.
    
    NOTE: ESX doesn't use GSSAPI by default.
    
    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.
    
    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
    

    files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.
    
    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem
    
    A possible security issue with how the Python function repr()
    function handles UTF-32/UCS-4 strings.
    

    ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

    ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

    ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

    ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

    ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

    ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

    1. References:

    ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

    ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

    ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

    ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

    ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

    ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

    1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .

    References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has made the following software updates available to resolve these vulnerabilities.

    Kit Name Location

    HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

    BACKGROUND

    RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline


    Gentoo Linux Security Advisory GLSA 200610-11


                                            http://security.gentoo.org/
    

    Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11


    Synopsis

    OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

    Background

    OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

    Workaround

    There is no known workaround at this time.

    Resolution

    All OpenSSL 0.9.8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
    

    All OpenSSL 0.9.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
    

    References

    [ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200610-11.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

    License

    Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


    ~ VMware Security Advisory

    Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340


    1. Summary:

    ~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

    1. Relevant releases:

    ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

    1. Problem description:

    ~ a. Host to guest shared folder (HGFS) traversal vulnerability

    ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

    NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

    ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ b. Insecure named pipes

    ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

    ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

    ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

    ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ d. Updated OpenSSL library to address various security vulnerabilities

    ~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ e. VIX API default setting changed to a more secure default value

    ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

    ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

    ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

    ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

    ~ g. DHCP denial of service vulnerability

    ~ A potential denial of service issue affects DHCP service running ~ on the host.

    ~ VMware would like to thank Martin O'Neal for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

    ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

    ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

    ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

    ~ VMware would like to thank Sun Bing for reporting the issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

    ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

    ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

    ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    1. Solution:

    Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

    ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

    ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

    ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

    ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

    ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

    1. References:

    ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340


    1. Contact:

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

    E-mail: security@vmware.com

    Security web site http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2008 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE-----

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "red hat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "5.04"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "_id": null,
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "_id": null,
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "_id": null,
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "_id": null,
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "_id": null,
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "_id": null,
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "_id": null,
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "secure acs solution engine",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "_id": null,
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.10"
          },
          {
            "_id": null,
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "_id": null,
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.9"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "_id": null,
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "_id": null,
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "_id": null,
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "_id": null,
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3"
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "_id": null,
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "ons",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "_id": null,
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "x8610.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.1"
          },
          {
            "_id": null,
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "_id": null,
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "_id": null,
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "_id": null,
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "_id": null,
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "_id": null,
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "_id": null,
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.3"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.0"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.3"
          },
          {
            "_id": null,
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "_id": null,
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "_id": null,
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "_id": null,
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "_id": null,
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "_id": null,
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "_id": null,
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "_id": null,
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "_id": null,
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "_id": null,
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "_id": null,
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "_id": null,
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "_id": null,
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "_id": null,
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "_id": null,
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "solaris 10 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "linux openexchange server",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "_id": null,
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "_id": null,
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.42"
          },
          {
            "_id": null,
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "_id": null,
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3(3.33)"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "_id": null,
            "model": "secure acs for windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "_id": null,
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.2"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.50.3.45"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "_id": null,
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "_id": null,
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "_id": null,
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "40003.1.59.24"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "_id": null,
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "_id": null,
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "20003.1.59.24"
          },
          {
            "_id": null,
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "_id": null,
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ciscosecure acs appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1111"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "_id": null,
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "_id": null,
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "_id": null,
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "_id": null,
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.4"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.2"
          },
          {
            "_id": null,
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "_id": null,
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "_id": null,
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "_id": null,
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "_id": null,
            "model": "mds 9216i",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.1"
          },
          {
            "_id": null,
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "_id": null,
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "_id": null,
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90002.0(0.86)"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "_id": null,
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8.10.2.65"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.5.1"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.6.1"
          },
          {
            "_id": null,
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "_id": null,
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.2"
          },
          {
            "_id": null,
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "_id": null,
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "_id": null,
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "_id": null,
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "_id": null,
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "_id": null,
            "model": "hat enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "_id": null,
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "_id": null,
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "_id": null,
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "_id": null,
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "_id": null,
            "model": "ciscosecure acs for windows and unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "_id": null,
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "_id": null,
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "_id": null,
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "_id": null,
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "_id": null,
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "_id": null,
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "_id": null,
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "9000"
          },
          {
            "_id": null,
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "_id": null,
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "_id": null,
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "_id": null,
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "_id": null,
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "_id": null,
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "_id": null,
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "_id": null,
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with the discovery of this vulnerability.",
        "sources": [
          {
            "db": "BID",
            "id": "20246"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2006-4343",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2006-4343",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-4343",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. OpenSSL is prone to a denial-of-service vulnerability. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          }
        ],
        "trust": 4.41
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "BID",
            "id": "22083",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 2.6
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 2.1
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1973",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4443",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25420",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22791",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "EXPLOIT-DB",
            "id": "4773",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29263",
            "trust": 1.0
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "169663",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50543",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "101257",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "51324",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "id": "VAR-200110-0206",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.24822762333333334
      },
      "last_update_date": "2026-03-09T23:10:59.953000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 1.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 1.3,
            "url": "http://www.kb.cert.org/vuls/id/386964"
          },
          {
            "trust": 1.2,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.1,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10207"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4356"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1973"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25420"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "trust": 1.0,
            "url": "https://www.exploit-db.com/exploits/4773"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4443"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29263"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22791"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.6,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.6,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.6,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.5,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.4,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.4,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.3,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.2,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/mirror.html):"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/9986131"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/3069097"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ace/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/ws5.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/fusion/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "http://pgp.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
          },
          {
            "trust": 0.1,
            "url": "http://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "ident": null
          },
          {
            "db": "BID",
            "id": "20246",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169663",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "50543",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "101257",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "51324",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964",
            "ident": null
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620",
            "ident": null
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300",
            "ident": null
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20246",
            "ident": null
          },
          {
            "date": "2006-09-28T12:12:12",
            "db": "PACKETSTORM",
            "id": "169663",
            "ident": null
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595",
            "ident": null
          },
          {
            "date": "2006-10-04T00:47:19",
            "db": "PACKETSTORM",
            "id": "50543",
            "ident": null
          },
          {
            "date": "2007-01-13T22:56:30",
            "db": "PACKETSTORM",
            "id": "53566",
            "ident": null
          },
          {
            "date": "2008-03-19T02:18:56",
            "db": "PACKETSTORM",
            "id": "64684",
            "ident": null
          },
          {
            "date": "2006-10-04T00:44:50",
            "db": "PACKETSTORM",
            "id": "50535",
            "ident": null
          },
          {
            "date": "2006-10-04T01:20:54",
            "db": "PACKETSTORM",
            "id": "50560",
            "ident": null
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990",
            "ident": null
          },
          {
            "date": "2011-05-10T00:45:11",
            "db": "PACKETSTORM",
            "id": "101257",
            "ident": null
          },
          {
            "date": "2007-08-08T07:19:47",
            "db": "PACKETSTORM",
            "id": "58346",
            "ident": null
          },
          {
            "date": "2006-10-25T21:37:36",
            "db": "PACKETSTORM",
            "id": "51324",
            "ident": null
          },
          {
            "date": "2006-10-04T00:46:38",
            "db": "PACKETSTORM",
            "id": "50548",
            "ident": null
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-4343",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964",
            "ident": null
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620",
            "ident": null
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300",
            "ident": null
          },
          {
            "date": "2015-03-19T09:25:00",
            "db": "BID",
            "id": "20246",
            "ident": null
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-4343",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "20246"
          }
        ],
        "trust": 0.3
      },
      "title": {
        "_id": null,
        "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Failure to Handle Exceptional Conditions",
        "sources": [
          {
            "db": "BID",
            "id": "20246"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-200110-0182

    Vulnerability from variot - Updated: 2026-03-09 20:18

    Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


                   VMware Security Advisory
    

    Advisory ID: VMSA-2007-0001 Synopsis: VMware ESX server security updates Issue date: 2007-01-08 Updated on: 2007-01-08 CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-4980


    1. Summary:

    Updated ESX Patches address several security issues.

    1. Relevant releases:

    VMware ESX 3.0.1 without patch ESX-9986131 VMware ESX 3.0.0 without patch ESX-3069097

    VMware ESX 2.5.4 prior to upgrade patch 3 VMware ESX 2.5.3 prior to upgrade patch 6 VMware ESX 2.1.3 prior to upgrade patch 4 VMware ESX 2.0.2 prior to upgrade patch 4

    1. Problem description:

    Problems addressed by these patches:

    a. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue.
    

    b. OpenSSL library vulnerabilities:

    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
    allows remote attackers to cause a denial of service (infinite
    loop and memory consumption) via malformed ASN.1 structures that
    trigger an improperly handled error condition.
    
    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
    and earlier versions allows attackers to cause a denial of service
    (CPU consumption) via parasitic public keys with large (1) "public
    exponent" or (2) "public modulus" values in X.509 certificates that
    require extra time to process when using RSA signature verification.
    
    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
    CVE-2006-4339, and CVE-2006-4343 to these issues.
    

    c. Updated OpenSSH package addresses the following possible security issues:

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems
    
    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).
    
    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.
    
    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.
    
    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
    SSH protocol, allows remote attackers to cause a denial of service
    (CPU consumption) via an SSH packet that contains duplicate blocks,
    which is not properly handled by the CRC compensation attack
    detector.
    
    NOTE: ESX by default disables version 1 SSH protocol.
    
    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
    allows remote attackers to cause a denial of service (crash), and
    possibly execute arbitrary code if GSSAPI authentication is enabled,
    via unspecified vectors that lead to a double-free.
    
    NOTE: ESX doesn't use GSSAPI by default.
    
    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.
    
    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.
    

    d. Object reuse problems with newly created virtual disk (.vmdk or .dsk) files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.
    
    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w.
    

    e. Buffer overflow in Python function repr():

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem
    
    A possible security issue with how the Python function repr()
    function handles UTF-32/UCS-4 strings.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the name CVE-2006-4980 to this issue.
    
    1. Solution:

    Please review the Patch notes for your version of ESX and verify the md5sum.

    ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

    ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

    ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

    ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

    ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

    ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

    1. References:

    ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

    ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

    ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

    ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

    ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

    ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

    1. Contact:

    http://www.vmware.com/security

    VMware Security Response Policy http://www.vmware.com/vmtn/technology/security/security_response.html

    E-mail: security@vmware.com

    Copyright 2007 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE neFG0RikD74TCYeXKW6CBy4= =9/6k -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . rPath Security Advisory: 2006-0175-1 Published: 2006-09-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.


    Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

    References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "red hat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "_id": null,
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "_id": null,
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "_id": null,
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "_id": null,
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "_id": null,
            "model": "networks vpn router contivity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "-26000"
          },
          {
            "_id": null,
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "_id": null,
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "_id": null,
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "secure acs solution engine",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "_id": null,
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.10"
          },
          {
            "_id": null,
            "model": "servercluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "_id": null,
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "_id": null,
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.9"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "networks meridian option 61c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "_id": null,
            "model": "systems management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7.168"
          },
          {
            "_id": null,
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "_id": null,
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "_id": null,
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "_id": null,
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "_id": null,
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "ons",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "_id": null,
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "x8610.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "_id": null,
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "_id": null,
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.1"
          },
          {
            "_id": null,
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux database server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "_id": null,
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "stonebeat fullcluster for raptor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "_id": null,
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "stonegate ips sensor and analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "_id": null,
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "_id": null,
            "model": "stonebeat fullcluster for gauntlet",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1050"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "networks meridian option 51c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "_id": null,
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "_id": null,
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.3"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "aironet acs350 c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3502.6"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.3"
          },
          {
            "_id": null,
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "_id": null,
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "_id": null,
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "stonebeat webcluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0.2"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "6000"
          },
          {
            "_id": null,
            "model": "networks cs",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1000"
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "_id": null,
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "_id": null,
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "_id": null,
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.5"
          },
          {
            "_id": null,
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "_id": null,
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "_id": null,
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "_id": null,
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "fuji",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "0"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "_id": null,
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "_id": null,
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "_id": null,
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "_id": null,
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "solaris 10 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "networks meridian option 81c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "_id": null,
            "model": "stonegate ips sensor and analyzer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "linux openexchange server",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.4"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "_id": null,
            "model": "networks self-service mps",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "5000"
          },
          {
            "_id": null,
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.42"
          },
          {
            "_id": null,
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "stonebeat fullcluster for firewall-1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9"
          },
          {
            "_id": null,
            "model": "stonebeat securitycluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "_id": null,
            "model": "servercluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5.2"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "_id": null,
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "_id": null,
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3(3.33)"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "_id": null,
            "model": "secure acs for windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "2700"
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1740"
          },
          {
            "_id": null,
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1010"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "_id": null,
            "model": "stonegate ips sensor and analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "networks communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1000"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0.0x64"
          },
          {
            "_id": null,
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.2"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.50.3.45"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "_id": null,
            "model": "networks vpn router contivity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "-45000"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "_id": null,
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "_id": null,
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "_id": null,
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "_id": null,
            "model": "networks vpn router contivity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "-46000"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "40003.1.59.24"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "17500"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3)4.2"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "_id": null,
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "_id": null,
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "_id": null,
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "1.7"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "20003.1.59.24"
          },
          {
            "_id": null,
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "5000"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "_id": null,
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ciscosecure acs appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1111"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "_id": null,
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "_id": null,
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "_id": null,
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.4"
          },
          {
            "_id": null,
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.6"
          },
          {
            "_id": null,
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "_id": null,
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "_id": null,
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "_id": null,
            "model": "networks ip address domain manager",
            "scope": null,
            "trust": 0.3,
            "vendor": "nortel",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "_id": null,
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "_id": null,
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "_id": null,
            "model": "mds 9216i",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.3"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "stonebeat fullcluster for raptor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0.8"
          },
          {
            "_id": null,
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "_id": null,
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90002.0(0.86)"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8.10.2.65"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.5.1"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.6.1"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "stonebeat webcluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "_id": null,
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.2"
          },
          {
            "_id": null,
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "_id": null,
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "networks meridian option 11c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "_id": null,
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "_id": null,
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1700"
          },
          {
            "_id": null,
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "_id": null,
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "_id": null,
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "_id": null,
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "_id": null,
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "stonebeat fullcluster for firewall-1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "_id": null,
            "model": "ciscosecure acs for windows and unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "_id": null,
            "model": "stonebeat fullcluster for isa server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "_id": null,
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "_id": null,
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "_id": null,
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "_id": null,
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "_id": null,
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "_id": null,
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "9000"
          },
          {
            "_id": null,
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "_id": null,
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1100"
          },
          {
            "_id": null,
            "model": "stonebeat securitycluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "_id": null,
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)4.2"
          },
          {
            "_id": null,
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "_id": null,
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "_id": null,
            "model": "networks wlan access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "7250.0"
          },
          {
            "_id": null,
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Tavis Ormandy taviso@gentoo.org Will Drewry wad@google.com",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-3738",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-3738",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-3738",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-536",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nSuccessfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2007-0001\nSynopsis:          VMware ESX server security updates\nIssue date:        2007-01-08\nUpdated on:        2007-01-08\nCVE:               CVE-2006-3589 CVE-2006-2937 CVE-2006-2940\n                   CVE-2006-3738 CVE-2006-4339 CVE-2006-4343\n                   CVE-2006-4980\n- -------------------------------------------------------------------\n\n1. Summary:\n\nUpdated ESX Patches address several security issues. \n\n2. Relevant releases:\n\nVMware ESX 3.0.1 without patch ESX-9986131\nVMware ESX 3.0.0 without patch ESX-3069097\n\nVMware ESX 2.5.4 prior to upgrade patch 3\nVMware ESX 2.5.3 prior to upgrade patch 6\nVMware ESX 2.1.3 prior to upgrade patch 4\nVMware ESX 2.0.2 prior to upgrade patch 4\n\n3. Problem description:\n\nProblems addressed by these patches:\n\na. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. The Common Vulnerabilities and Exposures project\n    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue. \n\nb. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,\n    CVE-2006-4339, and CVE-2006-4343 to these issues. \n\nc. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4\n    allows remote attackers to cause a denial of service (crash), and\n    possibly execute arbitrary code if GSSAPI authentication is enabled,\n    via unspecified vectors that lead to a double-free. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,\n    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues. \n\nd. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. \n\ne. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the name CVE-2006-4980 to this issue. \n\n4. Solution:\n\nPlease review the Patch notes for your version of ESX and verify the md5sum. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. Contact:\n\nhttp://www.vmware.com/security\n\nVMware Security Response Policy\nhttp://www.vmware.com/vmtn/technology/security/security_response.html\n\nE-mail:  security@vmware.com\n\nCopyright 2007 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE\nneFG0RikD74TCYeXKW6CBy4=\n=9/6k\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. rPath Security Advisory: 2006-0175-1\nPublished: 2006-09-28\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n\n_______________________________________________\nFull-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nReferences: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          }
        ],
        "trust": 3.6
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "BID",
            "id": "22083",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 2.6
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738",
            "trust": 2.2
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 2.1
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "30161",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22654",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22633",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22791",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4314",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4443",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29262",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "id": "VAR-200110-0182",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.28107159000000004
      },
      "last_update_date": "2026-03-09T20:18:13.663000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.6,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 1.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.kb.cert.org/vuls/id/547300"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4256"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22654"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22633"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/470460/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/20249"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9370"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4314"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4443"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29262"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30161"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
          },
          {
            "trust": 1.0,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026documentoid=498093\u0026renditionid=\u0026poid=8881"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22791"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.stonesoft.com/en/support/security_advisories/2909_2006.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "/archive/1/481217"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www116.nortelnetworks.com/pub/repository/clarify/document/2006/44/021420-01.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.2,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/9986131"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/3069097"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.1,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.1,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "ident": null
          },
          {
            "db": "BID",
            "id": "20249",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964",
            "ident": null
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620",
            "ident": null
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300",
            "ident": null
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20249",
            "ident": null
          },
          {
            "date": "2007-01-13T22:56:30",
            "db": "PACKETSTORM",
            "id": "53566",
            "ident": null
          },
          {
            "date": "2006-10-04T00:44:50",
            "db": "PACKETSTORM",
            "id": "50535",
            "ident": null
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990",
            "ident": null
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-536",
            "ident": null
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-3738",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964",
            "ident": null
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620",
            "ident": null
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300",
            "ident": null
          },
          {
            "date": "2011-05-09T19:52:00",
            "db": "BID",
            "id": "20249",
            "ident": null
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-536",
            "ident": null
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-3738",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "_id": null,
        "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200609-1274

    Vulnerability from variot - Updated: 2026-03-07 22:10

    Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it.

    During the parsing of certain invalid ASN1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory. (CVE-2006-2937)

    Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. (CVE-2006-2940)

    Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. (CVE-2006-3738)

    Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. (CVE-2006-4343)

    Updated packages are patched to address these issues.

    Update:

    There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    ============================================================================= FreeBSD-SA-07:08.openssl Security Advisory The FreeBSD Project

    Topic: Buffer overflow in OpenSSL SSL_get_shared_ciphers()

    Category: contrib Module: openssl Announced: 2007-10-03 Credits: Moritz Jodeit Affects: All FreeBSD releases. Corrected: 2007-10-03 21:39:43 UTC (RELENG_6, 6.2-STABLE) 2007-10-03 21:40:35 UTC (RELENG_6_2, 6.2-RELEASE-p8) 2007-10-03 21:41:22 UTC (RELENG_6_1, 6.1-RELEASE-p20) 2007-10-03 21:42:00 UTC (RELENG_5, 5.5-STABLE) 2007-10-03 21:42:32 UTC (RELENG_5_5, 5.5-RELEASE-p16) CVE Name: CVE-2007-5135

    For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

    I. Background

    FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

    II. Problem Description

    A buffer overflow addressed in FreeBSD-SA-06:23.openssl has been found to be incorrectly fixed.

    III.

    IV. Workaround

    No workaround is available, but only applications using the SSL_get_shared_ciphers() function are affected.

    V. Solution

    Perform one of the following:

    1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the correction date.

    2) To patch your present system:

    The following patch have been verified to apply to FreeBSD 5.5, 6.1, and 6.2 systems.

    a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

    fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch

    fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc

    b) Execute the following commands as root:

    cd /usr/src

    patch < /path/to/patch

    cd /usr/src/secure/lib/libssl

    make obj && make depend && make && make install

    VI. Correction details

    The following list contains the revision numbers of each file that was corrected in FreeBSD.

    Branch Revision Path


    RELENG_5 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.3 RELENG_5_5 src/UPDATING 1.342.2.35.2.16 src/sys/conf/newvers.sh 1.62.2.21.2.18 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.4.2 RELENG_6 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.2 RELENG_6_2 src/UPDATING 1.416.2.29.2.11 src/sys/conf/newvers.sh 1.69.2.13.2.11 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.1.2.1 RELENG_6_1 src/UPDATING 1.416.2.22.2.22 src/sys/conf/newvers.sh 1.69.2.11.2.22 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.6.2


    VII. References

    http://marc.info/?l=bugtraq&m=119091888624735 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135

    The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-07:08.openssl.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD)

    iD8DBQFHBA+HFdaIBMps37IRAtTQAJ0bFBZt7DVJzhQkUcu7VdNS7Kj8cwCeMQaS cNFjW3j2eolZhlee83l3blo= =zwC2 -----END PGP SIGNATURE-----

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1274",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "networks vpn router contivity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "-26000"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "secure acs solution engine",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.10"
          },
          {
            "model": "servercluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.9"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "networks meridian option 61c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "model": "systems management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7.168"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "ons",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "x8610.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.1"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "linux database server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "stonebeat fullcluster for raptor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "stonegate ips sensor and analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "stonebeat fullcluster for gauntlet",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1050"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "networks meridian option 51c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "10.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "aironet acs350 c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3502.6"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.3"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "stonebeat webcluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "6000"
          },
          {
            "model": "networks cs",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1000"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.5"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.1"
          },
          {
            "model": "fuji",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1.1"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "solaris 10 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "networks meridian option 81c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "model": "stonegate ips sensor and analyzer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0.2"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "model": "linux openexchange server",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.4"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "networks self-service mps",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "5000"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.42"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "stonebeat fullcluster for firewall-1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9"
          },
          {
            "model": "stonebeat securitycluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "servercluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5.2"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3(3.33)"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "secure acs for windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "2700"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1740"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1010"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "stonegate ips sensor and analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0.1"
          },
          {
            "model": "networks communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1000"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0.0x64"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.2"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.50.3.45"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "networks vpn router contivity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "-45000"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "networks vpn router contivity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "-46000"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "40003.1.59.24"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "17500"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3)4.2"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "1.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "20003.1.59.24"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "5000"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "ciscosecure acs appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1111"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.4"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.6"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "networks ip address domain manager",
            "scope": null,
            "trust": 0.3,
            "vendor": "nortel",
            "version": null
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "mds 9216i",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.3"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "stonebeat fullcluster for raptor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0.8"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90002.0(0.86)"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8.10.2.65"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.5.1"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.6.1"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "stonebeat webcluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.2"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "networks meridian option 11c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0.1"
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1700"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "stonebeat fullcluster for firewall-1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "ciscosecure acs for windows and unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "stonebeat fullcluster for isa server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "9000"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1100"
          },
          {
            "model": "stonebeat securitycluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)4.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "networks wlan access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "7250.0"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with the discovery of this vulnerability.",
        "sources": [
          {
            "db": "BID",
            "id": "20249"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2006-3738",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-3738",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-3738",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nSuccessfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\n During the parsing of certain invalid ASN1 structures an error\n condition is mishandled. This can result in an infinite loop which\n consumes system memory. (CVE-2006-2937)\n\n Certain types of public key can take disproportionate amounts of time\n to process. This could be used by an attacker in a denial of service\n attack. (CVE-2006-2940)\n\n Tavis Ormandy and Will Drewry of the Google Security Team discovered a\n buffer overflow in the SSL_get_shared_ciphers utility function, used by\n some applications such as exim and mysql.  An attacker could send a\n list of ciphers that would overrun a buffer. (CVE-2006-3738)\n\n Tavis Ormandy and Will Drewry of the Google Security Team discovered a\n possible DoS in the sslv2 client code. (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-07:08.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          Buffer overflow in OpenSSL SSL_get_shared_ciphers()\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2007-10-03\nCredits:        Moritz Jodeit\nAffects:        All FreeBSD releases. \nCorrected:      2007-10-03 21:39:43 UTC (RELENG_6, 6.2-STABLE)\n                2007-10-03 21:40:35 UTC (RELENG_6_2, 6.2-RELEASE-p8)\n                2007-10-03 21:41:22 UTC (RELENG_6_1, 6.1-RELEASE-p20)\n                2007-10-03 21:42:00 UTC (RELENG_5, 5.5-STABLE)\n                2007-10-03 21:42:32 UTC (RELENG_5_5, 5.5-RELEASE-p16)\nCVE Name:       CVE-2007-5135\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured,\nand Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII.  Problem Description\n\nA buffer overflow addressed in FreeBSD-SA-06:23.openssl has been found\nto be incorrectly fixed. \n\nIII. \n\nIV.  Workaround\n\nNo workaround is available, but only applications using the\nSSL_get_shared_ciphers() function are affected. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the\nRELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the\ncorrection date. \n\n2) To patch your present system:\n\nThe following patch have been verified to apply to FreeBSD 5.5, 6.1,\nand 6.2 systems. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch\n# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# cd /usr/src/secure/lib/libssl\n# make obj \u0026\u0026 make depend \u0026\u0026 make \u0026\u0026 make install\n\nVI.  Correction details\n\nThe following list contains the revision numbers of each file that was\ncorrected in FreeBSD. \n\nBranch                                                           Revision\n  Path\n- -------------------------------------------------------------------------\nRELENG_5\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.11.2.3\nRELENG_5_5\n  src/UPDATING                                            1.342.2.35.2.16\n  src/sys/conf/newvers.sh                                  1.62.2.21.2.18\n  src/crypto/openssl/ssl/ssl_lib.c                       1.1.1.11.2.1.4.2\nRELENG_6\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.12.2.2\nRELENG_6_2\n  src/UPDATING                                            1.416.2.29.2.11\n  src/sys/conf/newvers.sh                                  1.69.2.13.2.11\n  src/crypto/openssl/ssl/ssl_lib.c                       1.1.1.12.2.1.2.1\nRELENG_6_1\n  src/UPDATING                                            1.416.2.22.2.22\n  src/sys/conf/newvers.sh                                  1.69.2.11.2.22\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.12.6.2\n- -------------------------------------------------------------------------\n\nVII. References\n\nhttp://marc.info/?l=bugtraq\u0026m=119091888624735\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135\n\nThe latest revision of this advisory is available at\nhttp://security.FreeBSD.org/advisories/FreeBSD-SA-07:08.openssl.asc\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (FreeBSD)\n\niD8DBQFHBA+HFdaIBMps37IRAtTQAJ0bFBZt7DVJzhQkUcu7VdNS7Kj8cwCeMQaS\ncNFjW3j2eolZhlee83l3blo=\n=zwC2\n-----END PGP SIGNATURE-----\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "59797"
          }
        ],
        "trust": 3.6
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "22083",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 2.1
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738",
            "trust": 1.6
          },
          {
            "db": "SECUNIA",
            "id": "30161",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22654",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22633",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22791",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4314",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4443",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29262",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50543",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "59797",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "59797"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "id": "VAR-200609-1274",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.28107159000000004
      },
      "last_update_date": "2026-03-07T22:10:40.447000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.6,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 1.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.kb.cert.org/vuls/id/547300"
          },
          {
            "trust": 1.1,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4256"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22654"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22633"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/470460/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/20249"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9370"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4314"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4443"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29262"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30161"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
          },
          {
            "trust": 1.0,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026documentoid=498093\u0026renditionid=\u0026poid=8881"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22791"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.stonesoft.com/en/support/security_advisories/2909_2006.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "/archive/1/481217"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www116.nortelnetworks.com/pub/repository/clarify/document/2006/44/021420-01.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.2,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5135"
          },
          {
            "trust": 0.1,
            "url": "http://security.freebsd.org/patches/sa-07:08/openssl.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3738"
          },
          {
            "trust": 0.1,
            "url": "http://security.freebsd.org/\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5135"
          },
          {
            "trust": 0.1,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-07:08.openssl.asc"
          },
          {
            "trust": 0.1,
            "url": "http://security.freebsd.org/patches/sa-07:08/openssl.patch"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=119091888624735"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "59797"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "59797"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20249"
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "date": "2006-10-04T00:47:19",
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "date": "2007-10-05T05:29:31",
            "db": "PACKETSTORM",
            "id": "59797"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2011-05-09T19:52:00",
            "db": "BID",
            "id": "20249"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "20249"
          }
        ],
        "trust": 0.3
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Boundary Condition Error",
        "sources": [
          {
            "db": "BID",
            "id": "20249"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-201003-1105

    Vulnerability from variot - Updated: 2026-03-07 21:44

    The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. The Apache mod_isapi module can be forced to unload a specific library before the processing of a request is complete, resulting in memory corruption. This vulnerability may allow a remote attacker to execute arbitrary code. When using the header customization function through the RequestHeader directive of Hitachi Web Server, if the RequestHeader directive is defined and the mod_headers module is being used through the LoadModule directive, it could allow an attacker to gain access to the data that have been deleted from the memory. If the header customization function of the RequestHeader directive is not used, the vulnerability does not apply.An attacker may gain access to the data that have been deleted from the memory. Apache is prone to an information-disclosure vulnerability. Attackers can leverage this issue to gain access to sensitive information; attacks may also result in denial-of-service conditions. Apache versions prior to 2.2.15 are affected. NOTE: This issue was previously described in BID 38494 (Apache Multiple Security Vulnerabilities), but has been assigned its own record to better document the vulnerability.

    Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

    The updated packages have been patched to correct this issue.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434 http://svn.apache.org/viewvc?view=revision&revision=917867 http://httpd.apache.org/security/vulnerabilities_22.html


    Updated Packages:

    Mandriva Linux 2008.0: 23ff92149bae266e77a0dee41145e112 2008.0/i586/apache-base-2.2.6-8.5mdv2008.0.i586.rpm ddad03b1e60dc5ce8e7c9153ab37d45f 2008.0/i586/apache-devel-2.2.6-8.5mdv2008.0.i586.rpm a9285879e43c043e0f34cc78fc5258e4 2008.0/i586/apache-htcacheclean-2.2.6-8.5mdv2008.0.i586.rpm 9c78955e8d90fc50c11ccc586de3b6b0 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.5mdv2008.0.i586.rpm 29152b393906d4092b002ad7f7fff4e5 2008.0/i586/apache-mod_cache-2.2.6-8.5mdv2008.0.i586.rpm 342b3554786301fb899c0d0643b9dd1f 2008.0/i586/apache-mod_dav-2.2.6-8.5mdv2008.0.i586.rpm 0af08060fc4d5c4cbc0ee3639471c89c 2008.0/i586/apache-mod_dbd-2.2.6-8.5mdv2008.0.i586.rpm 14be61e0738caf12de78792daf35442b 2008.0/i586/apache-mod_deflate-2.2.6-8.5mdv2008.0.i586.rpm de7a4078972db4b946a7005d294028fd 2008.0/i586/apache-mod_disk_cache-2.2.6-8.5mdv2008.0.i586.rpm 69aea451cea5fdfa8dce6df94e8131de 2008.0/i586/apache-mod_file_cache-2.2.6-8.5mdv2008.0.i586.rpm 0ec3642c409cbeffc75a4295fbc1d765 2008.0/i586/apache-mod_ldap-2.2.6-8.5mdv2008.0.i586.rpm 1e16a623413c47da5bc2a57a3d839931 2008.0/i586/apache-mod_mem_cache-2.2.6-8.5mdv2008.0.i586.rpm 54322826b45c5ac77c209f33923c25b5 2008.0/i586/apache-mod_proxy-2.2.6-8.5mdv2008.0.i586.rpm 8f6593751c159dac22d92dcc362fcc68 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.5mdv2008.0.i586.rpm 74c5f10e73350e8dd9eb91292fbf6710 2008.0/i586/apache-mod_ssl-2.2.6-8.5mdv2008.0.i586.rpm df03dd3122074164ab2207df1b3906f7 2008.0/i586/apache-modules-2.2.6-8.5mdv2008.0.i586.rpm 7239241849577e927dee2ec82a002380 2008.0/i586/apache-mod_userdir-2.2.6-8.5mdv2008.0.i586.rpm 5abbfef70091199964222cd403e0568f 2008.0/i586/apache-mpm-event-2.2.6-8.5mdv2008.0.i586.rpm e8baea47b9696f38cd65bb559c9ef463 2008.0/i586/apache-mpm-itk-2.2.6-8.5mdv2008.0.i586.rpm 6f2594f741cc54926d001954794fcfb3 2008.0/i586/apache-mpm-prefork-2.2.6-8.5mdv2008.0.i586.rpm 6954839d001c2955b01c1e03cbeec01d 2008.0/i586/apache-mpm-worker-2.2.6-8.5mdv2008.0.i586.rpm 482ad712e30a79f684f085fb43e93879 2008.0/i586/apache-source-2.2.6-8.5mdv2008.0.i586.rpm 90d942cb17fff4eec4eb1dc7920b0f1c 2008.0/SRPMS/apache-2.2.6-8.5mdv2008.0.src.rpm

    Mandriva Linux 2008.0/X86_64: 29c5a43bbf3ad019e438c4024b15106f 2008.0/x86_64/apache-base-2.2.6-8.5mdv2008.0.x86_64.rpm 563da7a13d54748afc8cfa7255a8bb74 2008.0/x86_64/apache-devel-2.2.6-8.5mdv2008.0.x86_64.rpm 2f1ec678f8969edd1927fcb6098f2e45 2008.0/x86_64/apache-htcacheclean-2.2.6-8.5mdv2008.0.x86_64.rpm b7b89b683f672d30c2a072ab07da14cd 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.5mdv2008.0.x86_64.rpm 924947249cf409c411c26de5d38841b3 2008.0/x86_64/apache-mod_cache-2.2.6-8.5mdv2008.0.x86_64.rpm fd976a7abea8a0d98afebfda596fb9e4 2008.0/x86_64/apache-mod_dav-2.2.6-8.5mdv2008.0.x86_64.rpm 0db499e7bd1530a5f61b01b75c162575 2008.0/x86_64/apache-mod_dbd-2.2.6-8.5mdv2008.0.x86_64.rpm a271f98bfd9fee474fd8ed6e32e7a4fd 2008.0/x86_64/apache-mod_deflate-2.2.6-8.5mdv2008.0.x86_64.rpm 9fa3c1ff2f71bdb4babd8a1ae05722ca 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.5mdv2008.0.x86_64.rpm fff28aa3fd1952d2d8b679e376020610 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.5mdv2008.0.x86_64.rpm d120a3b1941e24e3bf0404f09ca2bcc8 2008.0/x86_64/apache-mod_ldap-2.2.6-8.5mdv2008.0.x86_64.rpm eb4347aa9035aa0fe6b5026c7da10d46 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.5mdv2008.0.x86_64.rpm 4767ac49d8d2e32fae207fe0a2313ca3 2008.0/x86_64/apache-mod_proxy-2.2.6-8.5mdv2008.0.x86_64.rpm e3d0ffa255bbbccb59fda7a1282d7179 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.5mdv2008.0.x86_64.rpm 79fa1a0825bbbbcc4e72769b4520f8d3 2008.0/x86_64/apache-mod_ssl-2.2.6-8.5mdv2008.0.x86_64.rpm 70bf17490d2de9e961abcda95152f807 2008.0/x86_64/apache-modules-2.2.6-8.5mdv2008.0.x86_64.rpm a348607d816b11b0487c2e05e457a996 2008.0/x86_64/apache-mod_userdir-2.2.6-8.5mdv2008.0.x86_64.rpm 5cbfcc0a67b065e3e67e7e15f06d75ec 2008.0/x86_64/apache-mpm-event-2.2.6-8.5mdv2008.0.x86_64.rpm 4bc19735725da81eded3324c07a9a093 2008.0/x86_64/apache-mpm-itk-2.2.6-8.5mdv2008.0.x86_64.rpm 5547176fa7f2c19ba95f4ac8884bb4c7 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.5mdv2008.0.x86_64.rpm 02ff8d0c41101e3098cee705a8201575 2008.0/x86_64/apache-mpm-worker-2.2.6-8.5mdv2008.0.x86_64.rpm f2bd828f8d60254eddeda242bd7696b0 2008.0/x86_64/apache-source-2.2.6-8.5mdv2008.0.x86_64.rpm 90d942cb17fff4eec4eb1dc7920b0f1c 2008.0/SRPMS/apache-2.2.6-8.5mdv2008.0.src.rpm

    Mandriva Linux 2009.0: 34551cae6c61ac433ffff6fa46c7cd59 2009.0/i586/apache-base-2.2.9-12.9mdv2009.0.i586.rpm 25481b74180228902d00080d9bfc226f 2009.0/i586/apache-devel-2.2.9-12.9mdv2009.0.i586.rpm 7281a4912ddac9696b7cd416f73ed281 2009.0/i586/apache-htcacheclean-2.2.9-12.9mdv2009.0.i586.rpm bd94ed481bd5a3e16818d40dd1dbcf3a 2009.0/i586/apache-mod_authn_dbd-2.2.9-12.9mdv2009.0.i586.rpm 3bb0ef08152e50a234daa555de7d4856 2009.0/i586/apache-mod_cache-2.2.9-12.9mdv2009.0.i586.rpm 5c0e6e70401c79e8a4842ad156d0b93e 2009.0/i586/apache-mod_dav-2.2.9-12.9mdv2009.0.i586.rpm 03eceff53b048314e6fb8fd3cb30cd2b 2009.0/i586/apache-mod_dbd-2.2.9-12.9mdv2009.0.i586.rpm ba8bf1747c9e2f7ec2bf33eb1e008787 2009.0/i586/apache-mod_deflate-2.2.9-12.9mdv2009.0.i586.rpm ff5778fa39d86582aed31af480a72475 2009.0/i586/apache-mod_disk_cache-2.2.9-12.9mdv2009.0.i586.rpm a78f8625e78c6d9042ea5f2fedc48bbc 2009.0/i586/apache-mod_file_cache-2.2.9-12.9mdv2009.0.i586.rpm 96abb0973a1636bdaa35b2c0e21c0f47 2009.0/i586/apache-mod_ldap-2.2.9-12.9mdv2009.0.i586.rpm 7b79b764bcd1682fbcd2bb7609379fa6 2009.0/i586/apache-mod_mem_cache-2.2.9-12.9mdv2009.0.i586.rpm a5d2a7bf906c9fa43ee427557107c628 2009.0/i586/apache-mod_proxy-2.2.9-12.9mdv2009.0.i586.rpm 12bca18d0968c38d832c26689f394d4f 2009.0/i586/apache-mod_proxy_ajp-2.2.9-12.9mdv2009.0.i586.rpm c3fa31437a6c7d2af1a8693941b2e4ea 2009.0/i586/apache-mod_ssl-2.2.9-12.9mdv2009.0.i586.rpm dccfc75d97f49c9bb4a31f64165fbc07 2009.0/i586/apache-modules-2.2.9-12.9mdv2009.0.i586.rpm 9b6e98c2d490ad471d7efbeb9b6f1882 2009.0/i586/apache-mod_userdir-2.2.9-12.9mdv2009.0.i586.rpm 72f53c32446474225c5d789446ff31be 2009.0/i586/apache-mpm-event-2.2.9-12.9mdv2009.0.i586.rpm 0a8bef467fc6ce9dcfb019934e400ddf 2009.0/i586/apache-mpm-itk-2.2.9-12.9mdv2009.0.i586.rpm 61fbfbb3a81996278e1ecc8ecb3bbea0 2009.0/i586/apache-mpm-peruser-2.2.9-12.9mdv2009.0.i586.rpm f97488bf62a402de4e069f099d19b946 2009.0/i586/apache-mpm-prefork-2.2.9-12.9mdv2009.0.i586.rpm 3d6a60af5f36580c1d408b776e38d7cb 2009.0/i586/apache-mpm-worker-2.2.9-12.9mdv2009.0.i586.rpm 1541f5510800ca16d411cc108d2f04e7 2009.0/i586/apache-source-2.2.9-12.9mdv2009.0.i586.rpm 90dbf41f264a031f26978b06eb61e3eb 2009.0/SRPMS/apache-2.2.9-12.9mdv2009.0.src.rpm

    Mandriva Linux 2009.0/X86_64: 3c46373187c18fc2120d6d8a06fbe800 2009.0/x86_64/apache-base-2.2.9-12.9mdv2009.0.x86_64.rpm 3a8b3154ec8a6a6d5157e369c82921fe 2009.0/x86_64/apache-devel-2.2.9-12.9mdv2009.0.x86_64.rpm 8632d86e56b89dbfd78728dec530313b 2009.0/x86_64/apache-htcacheclean-2.2.9-12.9mdv2009.0.x86_64.rpm e45065f760280c82ca41b39fab3af500 2009.0/x86_64/apache-mod_authn_dbd-2.2.9-12.9mdv2009.0.x86_64.rpm 7821495e78ea828b124feca1d0b5e3a4 2009.0/x86_64/apache-mod_cache-2.2.9-12.9mdv2009.0.x86_64.rpm ff24ea3ce6b79f27df1da57004b6b419 2009.0/x86_64/apache-mod_dav-2.2.9-12.9mdv2009.0.x86_64.rpm 812b0343ea5cbdce80b615aaaaa7b3d0 2009.0/x86_64/apache-mod_dbd-2.2.9-12.9mdv2009.0.x86_64.rpm 07f63e1efda4a8656fe4ce93c285c56f 2009.0/x86_64/apache-mod_deflate-2.2.9-12.9mdv2009.0.x86_64.rpm bec9164a4b906c91e8ce791d2a673475 2009.0/x86_64/apache-mod_disk_cache-2.2.9-12.9mdv2009.0.x86_64.rpm 5dec095d50fefc94ca3667ca5905c1de 2009.0/x86_64/apache-mod_file_cache-2.2.9-12.9mdv2009.0.x86_64.rpm e06416e1c8f4b86d7bc9a2bf09d3aa47 2009.0/x86_64/apache-mod_ldap-2.2.9-12.9mdv2009.0.x86_64.rpm 985ed3db05aab9093c6c739849a8f303 2009.0/x86_64/apache-mod_mem_cache-2.2.9-12.9mdv2009.0.x86_64.rpm f02c944bd14fef95f0528413be37d793 2009.0/x86_64/apache-mod_proxy-2.2.9-12.9mdv2009.0.x86_64.rpm 016eebea88ddf78fe9d9310de6f8b110 2009.0/x86_64/apache-mod_proxy_ajp-2.2.9-12.9mdv2009.0.x86_64.rpm 423a7dfdee11cc5685650a9e361d560a 2009.0/x86_64/apache-mod_ssl-2.2.9-12.9mdv2009.0.x86_64.rpm 3c513f39f64b52c48a7b3f9d6dbeca06 2009.0/x86_64/apache-modules-2.2.9-12.9mdv2009.0.x86_64.rpm c53cf2be3d49a43486f11d910d153993 2009.0/x86_64/apache-mod_userdir-2.2.9-12.9mdv2009.0.x86_64.rpm 68e8876c7ae3754d6e9130ad1a6df508 2009.0/x86_64/apache-mpm-event-2.2.9-12.9mdv2009.0.x86_64.rpm 0e21625ac42276652db827a225e4946a 2009.0/x86_64/apache-mpm-itk-2.2.9-12.9mdv2009.0.x86_64.rpm 31d61231859949f0c3202892cab66070 2009.0/x86_64/apache-mpm-peruser-2.2.9-12.9mdv2009.0.x86_64.rpm 2d7faa63bb78578104a13d7cba7ff7f6 2009.0/x86_64/apache-mpm-prefork-2.2.9-12.9mdv2009.0.x86_64.rpm f200e178f3335664205a57c47e55a158 2009.0/x86_64/apache-mpm-worker-2.2.9-12.9mdv2009.0.x86_64.rpm 28d29f445b09a9f04ca95c55defa73b3 2009.0/x86_64/apache-source-2.2.9-12.9mdv2009.0.x86_64.rpm 90dbf41f264a031f26978b06eb61e3eb 2009.0/SRPMS/apache-2.2.9-12.9mdv2009.0.src.rpm

    Mandriva Linux 2009.1: 75e56f4bed0e6e528154d10f6f31e0d2 2009.1/i586/apache-base-2.2.11-10.9mdv2009.1.i586.rpm 817e9bebbc2d720ce3fb4eac3e29e331 2009.1/i586/apache-devel-2.2.11-10.9mdv2009.1.i586.rpm 53195802184e37ee1f0a264d50d6cfd9 2009.1/i586/apache-htcacheclean-2.2.11-10.9mdv2009.1.i586.rpm f739e9b0a5d4c9040666aff71b2a4de8 2009.1/i586/apache-mod_authn_dbd-2.2.11-10.9mdv2009.1.i586.rpm ae55b8790089b2cd848158a5c82403b4 2009.1/i586/apache-mod_cache-2.2.11-10.9mdv2009.1.i586.rpm 40032b4ff396c906597ea2f091d0a82c 2009.1/i586/apache-mod_dav-2.2.11-10.9mdv2009.1.i586.rpm e9bfce9f9965db9befc0bbc7a879e873 2009.1/i586/apache-mod_dbd-2.2.11-10.9mdv2009.1.i586.rpm 247901cb194b62dcc07542a6da3b057e 2009.1/i586/apache-mod_deflate-2.2.11-10.9mdv2009.1.i586.rpm 5f77ece73f84e29d4f11fab5a6efc0ff 2009.1/i586/apache-mod_disk_cache-2.2.11-10.9mdv2009.1.i586.rpm 39bcb1885f9d8352ad9af136aeebe226 2009.1/i586/apache-mod_file_cache-2.2.11-10.9mdv2009.1.i586.rpm 233d3224ba30cc7833503c96a7c145ce 2009.1/i586/apache-mod_ldap-2.2.11-10.9mdv2009.1.i586.rpm a210e9f35669c26ad59cee64d8cede3a 2009.1/i586/apache-mod_mem_cache-2.2.11-10.9mdv2009.1.i586.rpm 7e99a85386b813662559d82225450280 2009.1/i586/apache-mod_proxy-2.2.11-10.9mdv2009.1.i586.rpm 318c104ac5f737f8becc5e6e27dc7d92 2009.1/i586/apache-mod_proxy_ajp-2.2.11-10.9mdv2009.1.i586.rpm 1634649022f993cbe2faeb47aa11efb6 2009.1/i586/apache-mod_ssl-2.2.11-10.9mdv2009.1.i586.rpm bd0b651dfb0fbfed27e68839d87b1e8f 2009.1/i586/apache-modules-2.2.11-10.9mdv2009.1.i586.rpm 2ec040a5a19ff5087dd63676dcd4d7d3 2009.1/i586/apache-mod_userdir-2.2.11-10.9mdv2009.1.i586.rpm 23f71dca2412d3d4c9f19636c6724788 2009.1/i586/apache-mpm-event-2.2.11-10.9mdv2009.1.i586.rpm e783f4497a37196cedb06ebf48e5cf88 2009.1/i586/apache-mpm-itk-2.2.11-10.9mdv2009.1.i586.rpm 69a26c4225a64cd01fead3037dfdb460 2009.1/i586/apache-mpm-peruser-2.2.11-10.9mdv2009.1.i586.rpm 9a6711b33371ada3cca710e3d077072f 2009.1/i586/apache-mpm-prefork-2.2.11-10.9mdv2009.1.i586.rpm bf8a0a578d905c83e6fb21652cf2efa8 2009.1/i586/apache-mpm-worker-2.2.11-10.9mdv2009.1.i586.rpm 27fd547651fa32ddaf2a49595f1cda94 2009.1/i586/apache-source-2.2.11-10.9mdv2009.1.i586.rpm 86177bd1b2993d442a45de0057ba3371 2009.1/SRPMS/apache-2.2.11-10.9mdv2009.1.src.rpm

    Mandriva Linux 2009.1/X86_64: b7493b7c24c69bd4d5d46d68015c1954 2009.1/x86_64/apache-base-2.2.11-10.9mdv2009.1.x86_64.rpm e03c8ac80281ac777d47175b5eefca80 2009.1/x86_64/apache-devel-2.2.11-10.9mdv2009.1.x86_64.rpm 39286b02f42bc078fba50b7ea2d35b53 2009.1/x86_64/apache-htcacheclean-2.2.11-10.9mdv2009.1.x86_64.rpm 198fcc2117c9d576d2d4b5fee6c43ca7 2009.1/x86_64/apache-mod_authn_dbd-2.2.11-10.9mdv2009.1.x86_64.rpm f49b0c5819625b44f201f0a35387ce50 2009.1/x86_64/apache-mod_cache-2.2.11-10.9mdv2009.1.x86_64.rpm 330eb48ed00ec971568b367bab7fc1b9 2009.1/x86_64/apache-mod_dav-2.2.11-10.9mdv2009.1.x86_64.rpm 4300c5bacef317a49a2a8ef443ad6a75 2009.1/x86_64/apache-mod_dbd-2.2.11-10.9mdv2009.1.x86_64.rpm 3a72f1c99806427d4485f246657a0bfa 2009.1/x86_64/apache-mod_deflate-2.2.11-10.9mdv2009.1.x86_64.rpm b506f65c8e4f0c0f82907a958cba9dbf 2009.1/x86_64/apache-mod_disk_cache-2.2.11-10.9mdv2009.1.x86_64.rpm a778167079f5510f54d896951bf5414e 2009.1/x86_64/apache-mod_file_cache-2.2.11-10.9mdv2009.1.x86_64.rpm efe84333004b0c1e1c1c24d05c63bc4f 2009.1/x86_64/apache-mod_ldap-2.2.11-10.9mdv2009.1.x86_64.rpm 9831767144c303e8035b72148c19acee 2009.1/x86_64/apache-mod_mem_cache-2.2.11-10.9mdv2009.1.x86_64.rpm 77d892f2a3f4fe750e335fcd77abed27 2009.1/x86_64/apache-mod_proxy-2.2.11-10.9mdv2009.1.x86_64.rpm 4be9610034ecc78e9c5f92f076cecbbe 2009.1/x86_64/apache-mod_proxy_ajp-2.2.11-10.9mdv2009.1.x86_64.rpm fa6ee038a22d7721936f4489caf9b74f 2009.1/x86_64/apache-mod_ssl-2.2.11-10.9mdv2009.1.x86_64.rpm a3ec6755a5f1642a8afc92477da13ccc 2009.1/x86_64/apache-modules-2.2.11-10.9mdv2009.1.x86_64.rpm 1ee56400bf6828c81bbea38a2d66c5cc 2009.1/x86_64/apache-mod_userdir-2.2.11-10.9mdv2009.1.x86_64.rpm df6155156b5896890dd47f72396f7624 2009.1/x86_64/apache-mpm-event-2.2.11-10.9mdv2009.1.x86_64.rpm 3c1d3f889db936fe85f2cb0a57d91470 2009.1/x86_64/apache-mpm-itk-2.2.11-10.9mdv2009.1.x86_64.rpm ce9c8d4886ba96907c878650226dc759 2009.1/x86_64/apache-mpm-peruser-2.2.11-10.9mdv2009.1.x86_64.rpm 85683f5c477867c69a8bfd1d4d32f800 2009.1/x86_64/apache-mpm-prefork-2.2.11-10.9mdv2009.1.x86_64.rpm 684902be8e369ddc9c2baefd83f37841 2009.1/x86_64/apache-mpm-worker-2.2.11-10.9mdv2009.1.x86_64.rpm c3247495ef79977074487ed254b9fc70 2009.1/x86_64/apache-source-2.2.11-10.9mdv2009.1.x86_64.rpm 86177bd1b2993d442a45de0057ba3371 2009.1/SRPMS/apache-2.2.11-10.9mdv2009.1.src.rpm

    Mandriva Linux 2010.0: e9927cf16ed8828131df85685f290708 2010.0/i586/apache-base-2.2.14-1.4mdv2010.0.i586.rpm b781078582f12f11ce00a2a771729a12 2010.0/i586/apache-devel-2.2.14-1.4mdv2010.0.i586.rpm 8b2b02fe15ab2674182bb36e92d5d6bb 2010.0/i586/apache-htcacheclean-2.2.14-1.4mdv2010.0.i586.rpm e3117be319f6007c1e32175dab3dd269 2010.0/i586/apache-mod_authn_dbd-2.2.14-1.4mdv2010.0.i586.rpm 2e140e4a25f125845e5303f613182728 2010.0/i586/apache-mod_cache-2.2.14-1.4mdv2010.0.i586.rpm 65ab42342f5ac48ca1ef81f3a1d484c6 2010.0/i586/apache-mod_dav-2.2.14-1.4mdv2010.0.i586.rpm 7dbd27994acad24b4da011a5225754a8 2010.0/i586/apache-mod_dbd-2.2.14-1.4mdv2010.0.i586.rpm 3e0312e8616b2a93c3ded9d0e98d3e01 2010.0/i586/apache-mod_deflate-2.2.14-1.4mdv2010.0.i586.rpm 1ea13c809fd1e85f8b6ff4e73811207f 2010.0/i586/apache-mod_disk_cache-2.2.14-1.4mdv2010.0.i586.rpm eb675bb1bb1e562335295e01ed84409d 2010.0/i586/apache-mod_file_cache-2.2.14-1.4mdv2010.0.i586.rpm 9bafae0ca87da81fb45b9f9f20c56472 2010.0/i586/apache-mod_ldap-2.2.14-1.4mdv2010.0.i586.rpm 594b51bbcbce61750bb084113a35f5d0 2010.0/i586/apache-mod_mem_cache-2.2.14-1.4mdv2010.0.i586.rpm a2cbbe7507ea6cbeb565eb5bd6e58499 2010.0/i586/apache-mod_proxy-2.2.14-1.4mdv2010.0.i586.rpm 9f05ff1033b165af62c43625e2f2248d 2010.0/i586/apache-mod_proxy_ajp-2.2.14-1.4mdv2010.0.i586.rpm 5ee996ba6e070f6ce9a2ad96c38d1579 2010.0/i586/apache-mod_proxy_scgi-2.2.14-1.4mdv2010.0.i586.rpm d77c2d33a0acb0621ae01236a9bd2ea8 2010.0/i586/apache-mod_ssl-2.2.14-1.4mdv2010.0.i586.rpm cc394176445ec7e29e7058135e0d16a5 2010.0/i586/apache-modules-2.2.14-1.4mdv2010.0.i586.rpm d66e24d8bd336f344d69e5ab0e2ed665 2010.0/i586/apache-mod_userdir-2.2.14-1.4mdv2010.0.i586.rpm 4ae88b5189af8e2788261c0e8c44183e 2010.0/i586/apache-mpm-event-2.2.14-1.4mdv2010.0.i586.rpm 436cee9cce6eec793421daf8a36166f8 2010.0/i586/apache-mpm-itk-2.2.14-1.4mdv2010.0.i586.rpm 86708b2499826cca8bb771a90181f299 2010.0/i586/apache-mpm-peruser-2.2.14-1.4mdv2010.0.i586.rpm d087904ee7871d5870fa8863e14d79eb 2010.0/i586/apache-mpm-prefork-2.2.14-1.4mdv2010.0.i586.rpm 5a09521d5d7c3051f3036c734315d7c6 2010.0/i586/apache-mpm-worker-2.2.14-1.4mdv2010.0.i586.rpm 4e4674ec021b6f049694d945d2da8362 2010.0/i586/apache-source-2.2.14-1.4mdv2010.0.i586.rpm e94893f474b2777db10de23fdab07e99 2010.0/SRPMS/apache-2.2.14-1.4mdv2010.0.src.rpm

    Mandriva Linux 2010.0/X86_64: 3a9b16453f85ba791b755c70880f4bb6 2010.0/x86_64/apache-base-2.2.14-1.4mdv2010.0.x86_64.rpm 4a8f74864d709908d9a4e37371a55015 2010.0/x86_64/apache-devel-2.2.14-1.4mdv2010.0.x86_64.rpm 68c08f5e75e65d8a1ee46a487a145ad1 2010.0/x86_64/apache-htcacheclean-2.2.14-1.4mdv2010.0.x86_64.rpm b16c9e431c3a150fd711dc2563c1124c 2010.0/x86_64/apache-mod_authn_dbd-2.2.14-1.4mdv2010.0.x86_64.rpm 7ab650ea5dfcf70692b7309b6755946e 2010.0/x86_64/apache-mod_cache-2.2.14-1.4mdv2010.0.x86_64.rpm 47d19ce5b7e26832f48e2ba8416dedfb 2010.0/x86_64/apache-mod_dav-2.2.14-1.4mdv2010.0.x86_64.rpm fd4ef2c9ae898cbffd1416037f92c5ae 2010.0/x86_64/apache-mod_dbd-2.2.14-1.4mdv2010.0.x86_64.rpm 80fa6fa1a47561803bbf77ec9910afd8 2010.0/x86_64/apache-mod_deflate-2.2.14-1.4mdv2010.0.x86_64.rpm e3320d59d9ea09562a56dbb4f88222ee 2010.0/x86_64/apache-mod_disk_cache-2.2.14-1.4mdv2010.0.x86_64.rpm 4234449b5ae220e69d7ba010bad00ba6 2010.0/x86_64/apache-mod_file_cache-2.2.14-1.4mdv2010.0.x86_64.rpm b420809b9fb623d8b553208724004367 2010.0/x86_64/apache-mod_ldap-2.2.14-1.4mdv2010.0.x86_64.rpm 51a6156b7a3610cafaebe0e5ea7c9782 2010.0/x86_64/apache-mod_mem_cache-2.2.14-1.4mdv2010.0.x86_64.rpm e13d2cea8bdb4c6d962094e7d284ac30 2010.0/x86_64/apache-mod_proxy-2.2.14-1.4mdv2010.0.x86_64.rpm 95932094d507bf5b41b582b554deff2c 2010.0/x86_64/apache-mod_proxy_ajp-2.2.14-1.4mdv2010.0.x86_64.rpm c68f9ba9d1a7917afff7a317712b098a 2010.0/x86_64/apache-mod_proxy_scgi-2.2.14-1.4mdv2010.0.x86_64.rpm 370de7fb272511910ad0a8278e8e65f3 2010.0/x86_64/apache-mod_ssl-2.2.14-1.4mdv2010.0.x86_64.rpm 9a6a05d650d0947afa1a6a3645f11371 2010.0/x86_64/apache-modules-2.2.14-1.4mdv2010.0.x86_64.rpm e9b8d38fa9f94fa840c5a781c90ed412 2010.0/x86_64/apache-mod_userdir-2.2.14-1.4mdv2010.0.x86_64.rpm 3f3476045c8b28c7bfd65f496d3f24c9 2010.0/x86_64/apache-mpm-event-2.2.14-1.4mdv2010.0.x86_64.rpm 07539efe82ed475c622541c162771a27 2010.0/x86_64/apache-mpm-itk-2.2.14-1.4mdv2010.0.x86_64.rpm 74d7fd8b49f996061b375c155f1f1630 2010.0/x86_64/apache-mpm-peruser-2.2.14-1.4mdv2010.0.x86_64.rpm f88aefd516b55db68839efc32af91073 2010.0/x86_64/apache-mpm-prefork-2.2.14-1.4mdv2010.0.x86_64.rpm 4356cebc14ee955781b48b51bed98016 2010.0/x86_64/apache-mpm-worker-2.2.14-1.4mdv2010.0.x86_64.rpm f88857e7a76c59196a3736b665d94080 2010.0/x86_64/apache-source-2.2.14-1.4mdv2010.0.x86_64.rpm e94893f474b2777db10de23fdab07e99 2010.0/SRPMS/apache-2.2.14-1.4mdv2010.0.src.rpm

    Corporate 4.0: 668c6d9467773b4482233a474a7d792e corporate/4.0/i586/apache-base-2.2.3-1.11.20060mlcs4.i586.rpm eaf9c8c593b700877d7d833f06056fe1 corporate/4.0/i586/apache-devel-2.2.3-1.11.20060mlcs4.i586.rpm 2b29abe3f2a0b774492bac9c249aca0a corporate/4.0/i586/apache-htcacheclean-2.2.3-1.11.20060mlcs4.i586.rpm c70b3d5dd5111bdfa001cbff301f6c41 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.11.20060mlcs4.i586.rpm 7906cc2799e66bdf2fc48be55926fe98 corporate/4.0/i586/apache-mod_cache-2.2.3-1.11.20060mlcs4.i586.rpm ee55e3d1a8e6263726caa85db1bb570f corporate/4.0/i586/apache-mod_dav-2.2.3-1.11.20060mlcs4.i586.rpm d36275603d7c7eec7f593f8a7668b58c corporate/4.0/i586/apache-mod_dbd-2.2.3-1.11.20060mlcs4.i586.rpm 10eb8dac17e94a340167d142eb2e83fd corporate/4.0/i586/apache-mod_deflate-2.2.3-1.11.20060mlcs4.i586.rpm 9c70e39afb80762e7b668cea550ed67a corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.11.20060mlcs4.i586.rpm 196433f929fe1198e3e760b7f1c92767 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.11.20060mlcs4.i586.rpm 3303a316fa6f7f7bcfc57361a2ca7941 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.11.20060mlcs4.i586.rpm a0d6f7df0f8654cf96e11a411ec61c79 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.11.20060mlcs4.i586.rpm 75f4397b7f0fdf966c160f8d8d088396 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.11.20060mlcs4.i586.rpm 2e20cfa63e8e6cef8c32db70a9bc9800 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.11.20060mlcs4.i586.rpm e0c7446fff348dda594a07324a1d11aa corporate/4.0/i586/apache-mod_ssl-2.2.3-1.11.20060mlcs4.i586.rpm d4c567cc1987747a48885a9b1f980a9e corporate/4.0/i586/apache-modules-2.2.3-1.11.20060mlcs4.i586.rpm 855a41782047ee044f9a21f6071d86f1 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.11.20060mlcs4.i586.rpm 08847dbd61763241c5a324a4968f8062 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.11.20060mlcs4.i586.rpm 9d8564218ed1e042aee73935b849346f corporate/4.0/i586/apache-mpm-worker-2.2.3-1.11.20060mlcs4.i586.rpm 65fdccb338608a8db640aacbaa05ff61 corporate/4.0/i586/apache-source-2.2.3-1.11.20060mlcs4.i586.rpm 09933b8326a89a171a12808354acd8cf corporate/4.0/SRPMS/apache-2.2.3-1.11.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: f52950591695b1acf0a623ca6c3d25a7 corporate/4.0/x86_64/apache-base-2.2.3-1.11.20060mlcs4.x86_64.rpm 9a37c7ce2aee7130bd13ce7458868065 corporate/4.0/x86_64/apache-devel-2.2.3-1.11.20060mlcs4.x86_64.rpm 7aa953fcdecb937530a2ef6a0b945867 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.11.20060mlcs4.x86_64.rpm 9a0a976e094b004eb5bca13ac47d14c9 corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.11.20060mlcs4.x86_64.rpm bf78b0f1dc8c99908dba3fab47c51aa8 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.11.20060mlcs4.x86_64.rpm 0b6652d44db18642e0a26a675ccae2d2 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.11.20060mlcs4.x86_64.rpm 46b638e9045512672b62bff8d2996406 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.11.20060mlcs4.x86_64.rpm b8b71e3dcf4745a20ef0294342b2ea18 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.11.20060mlcs4.x86_64.rpm a97ba505ddeb185bcf9900def4151f33 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.11.20060mlcs4.x86_64.rpm e0ad4578f1fa0aa35ff3228d48bc6ddd corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.11.20060mlcs4.x86_64.rpm ed8221c22f6c1aa8f7122b41e3590b2b corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.11.20060mlcs4.x86_64.rpm b9f9d4c8a9c05601e535b274d4d2925d corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.11.20060mlcs4.x86_64.rpm b54558074746ad5ded4dfb8b1f98bed3 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.11.20060mlcs4.x86_64.rpm f22fd7036529b6e989ce15a064decda7 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.11.20060mlcs4.x86_64.rpm 6a1aa90a04d512268ebec80efe8c6604 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.11.20060mlcs4.x86_64.rpm 0abaf16c45ddc32a74af0a0197ee516e corporate/4.0/x86_64/apache-modules-2.2.3-1.11.20060mlcs4.x86_64.rpm 6bf9fb8cbea2382ee4599cc564cf616b corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.11.20060mlcs4.x86_64.rpm e1c5c7edde8868cfa9c50048c73cdfde corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.11.20060mlcs4.x86_64.rpm aed1f4d44d52e7c57ab5b2315d1eb5de corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.11.20060mlcs4.x86_64.rpm 79e7e8cbabd87b695079d17ea87a8f22 corporate/4.0/x86_64/apache-source-2.2.3-1.11.20060mlcs4.x86_64.rpm 09933b8326a89a171a12808354acd8cf corporate/4.0/SRPMS/apache-2.2.3-1.11.20060mlcs4.src.rpm

    Mandriva Enterprise Server 5: ab753cc4d946b437ae2ccb92bc693214 mes5/i586/apache-base-2.2.9-12.9mdvmes5.i586.rpm b803256b19d3d6d67c4d0a8bb393b8e8 mes5/i586/apache-devel-2.2.9-12.9mdvmes5.i586.rpm aee26793a2a498fa6dc2f265759d5814 mes5/i586/apache-htcacheclean-2.2.9-12.9mdvmes5.i586.rpm bb56d96f1f9cb12da0c93fa5e8ced62c mes5/i586/apache-mod_authn_dbd-2.2.9-12.9mdvmes5.i586.rpm db388a6e86da85b0345549a769838338 mes5/i586/apache-mod_cache-2.2.9-12.9mdvmes5.i586.rpm 709a73e958cf8ea5e0e4e6de042a9616 mes5/i586/apache-mod_dav-2.2.9-12.9mdvmes5.i586.rpm 0c56296747ba09a45f3fdb65fe98289a mes5/i586/apache-mod_dbd-2.2.9-12.9mdvmes5.i586.rpm 3919222f07bc617a67cd71bf5fcfbced mes5/i586/apache-mod_deflate-2.2.9-12.9mdvmes5.i586.rpm 2bbc3c0f442d8cae8365c876a5ded950 mes5/i586/apache-mod_disk_cache-2.2.9-12.9mdvmes5.i586.rpm 17c669c5adb8cffb402ac967a9f7a422 mes5/i586/apache-mod_file_cache-2.2.9-12.9mdvmes5.i586.rpm 1525f35fab129296b804e5f17d18a6e9 mes5/i586/apache-mod_ldap-2.2.9-12.9mdvmes5.i586.rpm 86c8298f449398214cb3b8a5f399e790 mes5/i586/apache-mod_mem_cache-2.2.9-12.9mdvmes5.i586.rpm 04768b92d82a98f509231d4c870a1623 mes5/i586/apache-mod_proxy-2.2.9-12.9mdvmes5.i586.rpm 27cdd5af7a1c4537b0aad63eba70d561 mes5/i586/apache-mod_proxy_ajp-2.2.9-12.9mdvmes5.i586.rpm 0735424a7025fd9fec0364615a89399a mes5/i586/apache-mod_ssl-2.2.9-12.9mdvmes5.i586.rpm a7ab1086cd5749fd546d006990240e8a mes5/i586/apache-modules-2.2.9-12.9mdvmes5.i586.rpm 3ceb930ab6712f703342e831e1d11eca mes5/i586/apache-mod_userdir-2.2.9-12.9mdvmes5.i586.rpm e8ec84e75a90188c5382e22f468f9cc6 mes5/i586/apache-mpm-event-2.2.9-12.9mdvmes5.i586.rpm 79139ce85dcc5852013bb94b045728b8 mes5/i586/apache-mpm-itk-2.2.9-12.9mdvmes5.i586.rpm 3ca13b36cde107ba6256f8c6881ae3ff mes5/i586/apache-mpm-peruser-2.2.9-12.9mdvmes5.i586.rpm bff93a0aae65d96a98465b8743d24097 mes5/i586/apache-mpm-prefork-2.2.9-12.9mdvmes5.i586.rpm f31d43be7ef441542cdf5277a951bd13 mes5/i586/apache-mpm-worker-2.2.9-12.9mdvmes5.i586.rpm f0a69821d26df25985425d1e240d22eb mes5/i586/apache-source-2.2.9-12.9mdvmes5.i586.rpm e77b08e4049e35c70caf5a9772fcb4d6 mes5/SRPMS/apache-2.2.9-12.9mdvmes5.src.rpm

    Mandriva Enterprise Server 5/X86_64: b5c4364550d30cadcb8da1713da1be43 mes5/x86_64/apache-base-2.2.9-12.9mdvmes5.x86_64.rpm 65cfde8292d15799777a1c0bf127c078 mes5/x86_64/apache-devel-2.2.9-12.9mdvmes5.x86_64.rpm 11cbc22e93750a05a7c9ac978542dc0d mes5/x86_64/apache-htcacheclean-2.2.9-12.9mdvmes5.x86_64.rpm 603506340ac0226b47e837523a224ccc mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.9mdvmes5.x86_64.rpm 6b00730124b1155e9e2093b2703549b0 mes5/x86_64/apache-mod_cache-2.2.9-12.9mdvmes5.x86_64.rpm 85996a15d22fc079e980caa59e8d4ec4 mes5/x86_64/apache-mod_dav-2.2.9-12.9mdvmes5.x86_64.rpm 23536fc192a03183b4205cccd26ca9a8 mes5/x86_64/apache-mod_dbd-2.2.9-12.9mdvmes5.x86_64.rpm 92e853e261b90443477cffe13d2003c2 mes5/x86_64/apache-mod_deflate-2.2.9-12.9mdvmes5.x86_64.rpm 9cfe368d3426e7db68eb3028f5859252 mes5/x86_64/apache-mod_disk_cache-2.2.9-12.9mdvmes5.x86_64.rpm 7def06fe5ea594bff7c2c56b0fd702cd mes5/x86_64/apache-mod_file_cache-2.2.9-12.9mdvmes5.x86_64.rpm 8d5e9d9068fd593b39049135b952de3a mes5/x86_64/apache-mod_ldap-2.2.9-12.9mdvmes5.x86_64.rpm 08d7f342b798fbac376b3b98d9b63a8d mes5/x86_64/apache-mod_mem_cache-2.2.9-12.9mdvmes5.x86_64.rpm bc4ae67984c3ff95a6e743f055bdb820 mes5/x86_64/apache-mod_proxy-2.2.9-12.9mdvmes5.x86_64.rpm c7001da2dda0f9f6c123deedc6838c92 mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.9mdvmes5.x86_64.rpm ccebc8825a1e0cfe646e69ac3f69979c mes5/x86_64/apache-mod_ssl-2.2.9-12.9mdvmes5.x86_64.rpm f6e8bd9997495e029c5116946309e674 mes5/x86_64/apache-modules-2.2.9-12.9mdvmes5.x86_64.rpm 0df2b76a7584cdd338ea3a07dc638f91 mes5/x86_64/apache-mod_userdir-2.2.9-12.9mdvmes5.x86_64.rpm 0da8cb061c0e998873ae918632779c91 mes5/x86_64/apache-mpm-event-2.2.9-12.9mdvmes5.x86_64.rpm 4a10c80635de94349ecea9d2a4f47f6f mes5/x86_64/apache-mpm-itk-2.2.9-12.9mdvmes5.x86_64.rpm 85226385f0c88832485bf4cd5971bccc mes5/x86_64/apache-mpm-peruser-2.2.9-12.9mdvmes5.x86_64.rpm bb68e58098534428bb50f440a5b527e6 mes5/x86_64/apache-mpm-prefork-2.2.9-12.9mdvmes5.x86_64.rpm 359057702b8979d498c01e290ada60bf mes5/x86_64/apache-mpm-worker-2.2.9-12.9mdvmes5.x86_64.rpm 1ab2afc3b67ebef018b54326e1316192 mes5/x86_64/apache-source-2.2.9-12.9mdvmes5.x86_64.rpm e77b08e4049e35c70caf5a9772fcb4d6 mes5/SRPMS/apache-2.2.9-12.9mdvmes5.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

    iD8DBQFLkqZUmqjQ0CJFipgRAi2DAKDqzmVn1xVe0S9g4aPVNUZ1agLOfQCgyOLQ CroOeqtSuQuKm9aO+TC3+rE= =g/4G -----END PGP SIGNATURE----- . Please review the CVE identifiers referenced below for details.

    Impact

    A remote attacker might obtain sensitive information, gain privileges, send requests to unintended servers behind proxies, bypass certain security restrictions, obtain the values of HTTPOnly cookies, or cause a Denial of Service in various ways.

    A local attacker could gain escalated privileges.

    Workaround

    There is no known workaround at this time.

    Resolution

    All Apache HTTP Server users should upgrade to the latest version:

    # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.22-r1"

    References

    [ 1 ] CVE-2010-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0408 [ 2 ] CVE-2010-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0434 [ 3 ] CVE-2010-1452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1452 [ 4 ] CVE-2010-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2791 [ 5 ] CVE-2011-3192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3192 [ 6 ] CVE-2011-3348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3348 [ 7 ] CVE-2011-3368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3368 [ 8 ] CVE-2011-3607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607 [ 9 ] CVE-2011-4317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4317 [ 10 ] CVE-2012-0021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0021 [ 11 ] CVE-2012-0031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0031 [ 12 ] CVE-2012-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0053 [ 13 ] CVE-2012-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-201206-25.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------

    Use WSUS to deploy 3rd party patches

    Public BETA http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/


    TITLE: Apache HTTP Server Multiple Vulnerabilities

    SECUNIA ADVISORY ID: SA38776

    VERIFY ADVISORY: http://secunia.com/advisories/38776/

    DESCRIPTION: Some vulnerabilities have been reported in Apache HTTP Server, where one has unknown impacts and others can be exploited by malicious people to gain access to potentially sensitive information or cause a DoS (Denial of Service).

    1) The "ap_proxy_ajp_request()" function in modules/proxy/mod_proxy_ajp.c of the mod_proxy_ajp module returns the "HTTP_INTERNAL_SERVER_ERROR" error code when processing certain malformed requests. This can be exploited to put the backend server into an error state until the retry timeout expired by sending specially crafted requests.

    3) An error exists within the header handling when processing subrequests, which can lead to sensitive information from a request being handled by the wrong thread if a multi-threaded Multi-Processing Module (MPM) is used.

    Vulnerabilities #1 and #3 are reported in version 2.2.0, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.8, 2.2.9, 2.2.11, 2.2.12, 2.2.13, and 2.2.14.

    SOLUTION: Fixed in httpd 2.2.15-dev. Update to version 2.2.15 as soon as it becomes available.

    PROVIDED AND/OR DISCOVERED BY: 1, 2) Reported by the vendor. 3) Reported in a bug report by Philip Pickett

    ORIGINAL ADVISORY: http://httpd.apache.org/security/vulnerabilities_22.html http://svn.apache.org/viewvc?view=revision&revision=917875 http://svn.apache.org/viewvc?view=revision&revision=917870 https://issues.apache.org/bugzilla/show_bug.cgi?id=48359


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


                   VMware Security Advisory
    

    Advisory ID: VMSA-2010-0014 Synopsis: VMware Workstation, Player, and ACE address several security issues. Issue date: 2010-09-23 Updated on: 2010-09-23 (initial release of advisory) CVE numbers: CVE-2010-3277 CVE-2010-1205 CVE-2010-0205 CVE-2010-2249 CVE-2010-0434 CVE-2010-0425


    1. Summary

    VMware Workstation and Player address a potential installer security issue and security issues in libpng. VMware ACE Management Server (AMS) for Windows updates Apache httpd.

    1. Relevant releases

    VMware Workstation 7.1.1 and earlier, VMware Player 3.1.1 and earlier, VMware ACE Management Server 2.7.1 and earlier,

    Note: VMware Server was declared End Of Availability on January 2010, support will be limited to Technical Guidance for the duration of the support term.

    1. Problem Description

    a. VMware Workstation and Player installer security issue

    The Workstation 7.x and Player 3.x installers will load an index.htm
    file located in the current working directory on which Workstation
    7.x or Player 3.x is being installed. This may allow an attacker to
    display a malicious file if they manage to get their file onto the
    system prior to installation.
    
    The issue can only be exploited at the time that Workstation 7.x or
    Player 3.x is being installed. The security issue is no longer present in
    the installer of the new versions of Workstation 7.x and Player 3.x
    (see table below for the version numbers).
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-3277 to this issue.
    
    VMware would like to thank Alexander Trofimov and Marc Esher for
    independently reporting this issue to VMware.
    
    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.
    
    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected
    
    Workstation    7.x       any      7.1.2 build 301548 or later *
    Workstation    6.5.x     any      not affected
    
    Player         3.x       any      3.1.2 build 301548 or later *
    Player         2.5.x     any      not affected
    
    AMS            any       any      not affected
    
    Server         any       any      not affected
    
    Fusion         any       Mac OS/X not affected
    
    ESXi           any       ESXi     not affected
    
    ESX            any       ESX      not affected
    
    • Note: This only affects the installer, if you have a version of Workstation or Player installed you are not vulnerable.

    b. Third party libpng updated to version 1.2.44

    A buffer overflow condition in libpng is addressed that could
    potentially lead to code execution with the privileges of the
    application using libpng. Two potential denial of service issues
    are also addressed in the update.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2010-1205, CVE-2010-0205, CVE-2010-2249
    to these issues.
    
    The following table lists what action remediates the vulnerability
    (column 4) if a solution is available.
    
    
    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected
    
    Workstation    7.1.x     any      7.1.2 build 301548 or later
    Workstation    6.5.x     any      affected, patch pending
    
    Player         3.1.x     any      3.1.2 build 301548 or later
    Player         2.5.x     any      affected, patch pending
    
    AMS            any       any      not affected
    
    Server         any       any      affected, no patch planned
    
    Fusion         any       Mac OS/X not affected
    
    ESXi           any       ESXi     not affected
    
    ESX            any       ESX      not affected
    

    c. VMware ACE Management Server (AMS) for Windows updates Apache httpd version 2.2.15.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2010-0434 and CVE-2010-0425 to the
    issues addressed in this update.
    
    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available.
    
    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    VirtualCenter  any       Windows  not affected
    
    Workstation    any       any      not affected
    
    Player         any       any      not affected
    
    AMS            any       Windows  2.7.2 build 301548 or later
    AMS            any       Linux    affected, patch pending *
    
    Server         any       any      not affected
    
    Fusion         any       Mac OS/X not affected
    
    ESXi           any       ESXi     not affected
    
    ESX            any       ESX      not affected
    
    • Note CVE-2010-0425 is not applicable to AMS running on Linux

    • Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.

    VMware Workstation 7.1.2


    http://www.vmware.com/download/ws/ Release notes: http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html

    Workstation for Windows 32-bit and 64-bit with VMware Tools
    md5sum: 2e9715ec297dc3ca904ad2707d3e2614 sha1sum: 55b2b99f67c3dacd402fb9880999086efd264e7a

    Workstation for Windows 32-bit and 64-bit without VMware Tools
    md5sum: 066929f59aef46f11f4d9fd6c6b36e4d sha1sum: def776a28ee1a21b1ad26e836ae868551fff6fc3

    VMware Player 3.1.2


    http://www.vmware.com/download/player/ Release notes:

    http://downloads.vmware.com/support/player31/doc/releasenotes_player312.html

    VMware Player for Windows 32-bit and 64-bit
    md5sum: 3f289cb33af5e425c92d8512fb22a7ba sha1sum: bf67240c1f410ebeb8dcb4f6d7371334bf9a6b70

    VMware Player for Linux 32-bit
    md5sum: 11e3e3e8753e1d9abbbb92c4e3c1dfe8 sha1sum: dd1dbcdb1f4654eefc11472b68934dcb69842749

    VMware Player for Linux 64-bit
    md5sum: 2ab08e0d4050719845a64d334ca15bb1 sha1sum: f024ad84ec831fce8667dfa9601851da5d9fa59c

    VMware ACE Management Server 2.7.2


    http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7 Release notes: http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html

    ACE Management Server for Windows
    md5sum: 02f0072b8e48a98ed914b633f070d550 sha1sum: 94a68eac4a328d21a741879b9d063227c0dc1ce4

    1. References

    CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3277 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425


    1. Change log

    2010-09-23 VMSA-2010-0014 Initial security advisory after release of Workstation 7.1.2, Player 3.1.2 and ACE Management Server 2.7.2 on 2010-09-23


    1. Contact

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    • security-announce at lists.vmware.com
    • bugtraq at securityfocus.com
    • full-disclosure at lists.grok.org.uk

    E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

    VMware Security Center http://www.vmware.com/security

    VMware Security Advisories http://www.vmware.com/security/advisoiries

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2010 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32)

    iEYEARECAAYFAkycSrQACgkQS2KysvBH1xmT9wCfbBUS4GYrJohz+QMLYcoiFmSh eTgAoIAmx+ilbe2myj02daLjFrVQfQII =5jlh -----END PGP SIGNATURE----- .

    Release Date: 2010-06-02 Last Updated: 2010-06-02


    Potential Security Impact: Remote Denial of Service (DoS), unauthorized access

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite. HP-UX B.11.23, B.11.31 running Apache-based Web Server versions before v2.2.8.09 HP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions before v2.0.59.15

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2009-3094 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0408 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0740 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0433 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2010-0434 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    Note: CVE-2009-3094, CVE-2009-3095 and 2010-0740 affect only HP-UX Web Server Suite v2.30; CVE-2010-0408, CVE-2010-0433 and CVE-2010-0434 affect only HP-UX Web Server Suite v3.09.

    RESOLUTION

    HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location:

    URL http://software.hp.com

    Note: HP-UX Web Server Suite v3.09 contains HP-UX Apache-based Web Server v2.2.8.09 Note: HP-UX Web Server Suite v2.30 contains HP-UX Apache-based Web Server v2.0.59.15

    Web Server Suite Version / HP-UX Release / Depot name

    Web Server v3.09 / B.11.23 and B.11.31 PA-32 / HPUXWS22ATW-B309-32.depot

    Web Server v3.09 / B.11.23 and B.11.31 IA-64 / HPUXWS22ATW-B309-64.depot

    Web Server v2.30 / B.11.11 PA-32 / HPUXWSATW-B230-1111.depot

    Web Server v2.30 / B.11.23 PA-32 / HPUXWSATW-B230-32.depot

    Web Server v2.30 / B.11.23 IA-64 / HPUXWSATW-B230-64.depot

    Web Server v2.30 / B.11.31 IA-32 / HPUXWSATW-B230-32-1131.depot

    Web Server v2.30 / B.11.31 IA-64 / HPUXWSATW-B230-64-1131.depot

    MANUAL ACTIONS: Yes - Update

    Install Apache-based Web Server from the Apache Web Server Suite v2.30 or subsequent or Install Apache-based Web Server from the Apache Web Server Suite v3.09 or subsequent

    PRODUCT SPECIFIC INFORMATION

    HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa

    The following text is for use by the HP-UX Software Assistant.

    AFFECTED VERSIONS

    For Web Server Suite before v3.09 HP-UX B.11.23 ================== hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 action: install revision B.2.2.8.09 or subsequent

    HP-UX B.11.31

    hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 action: install revision B.2.2.8.09 or subsequent

    For Web Server Suite before v2.30 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.15 or subsequent

    HP-UX B.11.23

    hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY action: install revision B.2.0.59.15 or subsequent

    HP-UX B.11.31

    hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.15 or subsequent

    END AFFECTED VERSIONS

    HISTORY Version:1 (rev.1) 2 June 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201003-1105",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "http server",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "apache",
            "version": "2.0.64"
          },
          {
            "model": "http server",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "apache",
            "version": "2.2.15"
          },
          {
            "model": "web server",
            "scope": null,
            "trust": 1.6,
            "vendor": "hitachi",
            "version": null
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "oracle",
            "version": "10.1.3.5.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 1.1,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "model": "http server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.2.0"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "11"
          },
          {
            "model": "http server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.35"
          },
          {
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "13"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apache http server",
            "version": null
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "2.0.47.x"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "6.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "model": "mac os x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "v10.6 to  v10.6.4"
          },
          {
            "model": "mac os x server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "apple",
            "version": "v10.6 to  v10.6.4"
          },
          {
            "model": "opensolaris",
            "scope": null,
            "trust": 0.8,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "10"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "3 (x86)"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "3 (x86-64)"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "3.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "3.0 (x86-64)"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0 (x86-64)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "3.0"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "3.0 (x64)"
          },
          {
            "model": "turbolinux client",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "2008"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "11"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "11 (x64)"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.23"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.31"
          },
          {
            "model": "hp-ux apache-based web server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "v.2.2.15.03"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4.8 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4.8 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "5 (server)"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4.0"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "5.0 (client)"
          },
          {
            "model": "enterprise linux eus",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "5.4.z (server)"
          },
          {
            "model": "rhel desktop workstation",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "5 (client)"
          },
          {
            "model": "interstage application server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "interstage studio",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "interstage web server",
            "scope": null,
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.0"
          },
          {
            "model": "opensolaris build snv 41",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 104",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.10"
          },
          {
            "model": "opensolaris build snv 83",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 106",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "certificate server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "redhat",
            "version": "7.3"
          },
          {
            "model": "opensolaris build snv 56",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 95",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 38",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "groupware server 2.2-rc3",
            "scope": null,
            "trust": 0.6,
            "vendor": "kolab",
            "version": null
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.22"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.18"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.11"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.15"
          },
          {
            "model": "opensolaris build snv 54",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 93",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "opensolaris build snv 35",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.0.29"
          },
          {
            "model": "coat systems director",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "blue",
            "version": "5.2.2.5"
          },
          {
            "model": "opensolaris build snv 92",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "voice portal sp1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "4.1"
          },
          {
            "model": "intuity audix lx sp2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "opensolaris build snv 76",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "meeting exchange sp1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "groupware server -rc2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "kolab",
            "version": "2.2"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "kolab",
            "version": "2.2.3"
          },
          {
            "model": "voice portal sp2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "4.1"
          },
          {
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "model": "opensolaris build snv 84",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 101a",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.21"
          },
          {
            "model": "opensolaris build snv 105",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 99",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 111a",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1"
          },
          {
            "model": "coat systems director",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "blue",
            "version": "0"
          },
          {
            "model": "intuity audix lx sp1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "opensolaris build snv 87",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.1"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.6"
          },
          {
            "model": "opensolaris build snv 88",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 98",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "4.2.2"
          },
          {
            "model": "opensolaris build snv 58",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "coat systems director",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "blue",
            "version": "5.5.2.3"
          },
          {
            "model": "opensolaris build snv 111",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "4.2"
          },
          {
            "model": "opensolaris build snv 100",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "coat systems director",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "blue",
            "version": "5.5"
          },
          {
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "model": "opensolaris build snv 59",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 49",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.25"
          },
          {
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.9"
          },
          {
            "model": "opensolaris build snv 57",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 22",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "4.0.1"
          },
          {
            "model": "groupware server",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "kolab",
            "version": "2.2.4"
          },
          {
            "model": "opensolaris build snv 81",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "kolab",
            "version": "2.2"
          },
          {
            "model": "opensolaris build snv 103",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.13"
          },
          {
            "model": "opensolaris build snv 85",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 19",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 107",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "4.1"
          },
          {
            "model": "opensolaris build snv 45",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "solaris 10 sparc",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 96",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 110",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 71",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "message networking",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "kolab",
            "version": "2.2.2"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.6,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "meeting exchange sp2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.2"
          },
          {
            "model": "appliance platform linux service",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.8"
          },
          {
            "model": "opensolaris build snv 78",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "opensolaris build snv 108",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 28",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.14"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.19"
          },
          {
            "model": "meeting exchange sp1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.17"
          },
          {
            "model": "opensolaris build snv 91",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "coat systems director",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "blue",
            "version": "5.4"
          },
          {
            "model": "opensolaris build snv 36",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 89",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "4.1"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.12"
          },
          {
            "model": "opensolaris build snv 47",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 39",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 48",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 64",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.7"
          },
          {
            "model": "groupware server 2.2-rc1",
            "scope": null,
            "trust": 0.6,
            "vendor": "kolab",
            "version": null
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.0.27"
          },
          {
            "model": "coat systems director",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "blue",
            "version": "4.2.2.4"
          },
          {
            "model": "message networking",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "opensolaris build snv 94",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 37",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 101",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.3"
          },
          {
            "model": "opensolaris build snv 90",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "groupware server beta3",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "kolab",
            "version": "2.2"
          },
          {
            "model": "opensolaris build snv 68",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.5"
          },
          {
            "model": "opensolaris build snv 109",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 74",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 67",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 51",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 50",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.20"
          },
          {
            "model": "intuity audix lx",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "opensolaris build snv 102",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 02",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "groupware server beta1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "kolab",
            "version": "2.2"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.23"
          },
          {
            "model": "opensolaris build snv 77",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 61",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 111b",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.4"
          },
          {
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "4.2.1"
          },
          {
            "model": "opensolaris build snv 80",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 82",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "websphere application server",
            "scope": "ne",
            "trust": 0.6,
            "vendor": "ibm",
            "version": "6.1.0.31"
          },
          {
            "model": "opensolaris build snv 01",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 86",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "opensolaris build snv 29",
            "scope": null,
            "trust": 0.6,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "meeting exchange sp1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "linux armel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "2.2.5-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.10"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "mac os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.5"
          },
          {
            "model": "jboss enterprise web server for rhel es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "41.0"
          },
          {
            "model": "linux enterprise sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.17"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2.13"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2.35"
          },
          {
            "model": "apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.10"
          },
          {
            "model": "apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.6"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.5"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.2"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "enterprise linux desktop version",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "11.1"
          },
          {
            "model": "apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.12"
          },
          {
            "model": "http server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.11"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.4"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.10"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "model": "2.2.6-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "model": "enterprise linux desktop client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.1"
          },
          {
            "model": "http server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2.41"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.10"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6"
          },
          {
            "model": "apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.3"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2008.0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.1"
          },
          {
            "model": "linux enterprise sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.2"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.0"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2009.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2.19"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.5"
          },
          {
            "model": "ace management server for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "0"
          },
          {
            "model": "apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.1"
          },
          {
            "model": "linux lpia",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "9.10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.3"
          },
          {
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "appliance platform linux service",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "2"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2009.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.15"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2"
          },
          {
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "11.0"
          },
          {
            "model": "apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.13"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "jboss enterprise web server for rhel server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "51.0"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.27"
          },
          {
            "model": "linux enterprise",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "model": "2.2.7-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.5"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "9.10"
          },
          {
            "model": "jboss enterprise web server for rhel as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "41.0"
          },
          {
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1.1"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "9.10"
          },
          {
            "model": "apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.2"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "9.10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.2"
          },
          {
            "model": "linux lts lpia",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "9.10"
          },
          {
            "model": "enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "9.04"
          },
          {
            "model": "2.2.15-dev",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "model": "apache",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.15"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "model": "apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.14"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.4"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6"
          },
          {
            "model": "linux lpia",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "9.04"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.2.3"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.1"
          },
          {
            "model": "apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.19"
          },
          {
            "model": "apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.4"
          },
          {
            "model": "http server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.31"
          },
          {
            "model": "linux lpia",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.10"
          },
          {
            "model": "enterprise linux desktop workstation client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "messaging storage server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2.33"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.25"
          },
          {
            "model": "apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.11"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "9.04"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2008.0"
          },
          {
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "11.2"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "9.04"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.0"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2.12"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "enterprise server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.8"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2009.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.10"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "9.04"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2009.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.13"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2.27"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2.23"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.9"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "2"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "5.0"
          },
          {
            "model": "software foundation apache 2.0.62-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "interstage application server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.0"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2"
          },
          {
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.0"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.58"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.03"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.54"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "12.0"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.42"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.11"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.38"
          },
          {
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.52"
          },
          {
            "model": "hat jboss enterprise web server for rhel as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "41.0"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.63"
          },
          {
            "model": "interstage studio standard-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.2"
          },
          {
            "model": "interstage application server standard-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.0"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.41"
          },
          {
            "model": "linux x86 64 -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "12.2"
          },
          {
            "model": "software foundation apache 2.2.5-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "model": "interstage studio standard-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.0"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.8"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.57"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.9"
          },
          {
            "model": "interstage studio enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.2"
          },
          {
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "interstage studio enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.0"
          },
          {
            "model": "hat jboss enterprise web server for rhel es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "41.0"
          },
          {
            "model": "communication manager sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.13"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.9"
          },
          {
            "model": "software foundation apache",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.15"
          },
          {
            "model": "software foundation apache 2.2.15-dev",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.59"
          },
          {
            "model": "software foundation apache 2.0.60-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.49"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.5"
          },
          {
            "model": "interstage application server standard-j edition b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.0"
          },
          {
            "model": "communication manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0.3"
          },
          {
            "model": "software foundation apache 2.0.61-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.8"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.1"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.50"
          },
          {
            "model": "communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.10"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.6"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.5"
          },
          {
            "model": "communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1.2"
          },
          {
            "model": "software foundation apache -dev",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.56"
          },
          {
            "model": "interstage application server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.1"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.51"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.12"
          },
          {
            "model": "software foundation apache 2.0.64-dev",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "12.1"
          },
          {
            "model": "interstage application server standard-j edition 9.1.0b",
            "scope": null,
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.0"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.7"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.53"
          },
          {
            "model": "websphere application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.1"
          },
          {
            "model": "hat jboss enterprise web server for rhel server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "51.0"
          },
          {
            "model": "interstage application server standard-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.1"
          },
          {
            "model": "software foundation apache 2.2.6-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.55"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.47.1"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.37"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.47"
          },
          {
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "model": "opensolaris build snv 13",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.39"
          },
          {
            "model": "communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "model": "opensolaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "0"
          },
          {
            "model": "interstage studio enterprise edition b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.1.0"
          },
          {
            "model": "interstage application server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.2"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.3"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.48"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.45"
          },
          {
            "model": "interstage studio standard-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.1"
          },
          {
            "model": "interstage application server enterprise edition a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.0"
          },
          {
            "model": "software foundation apache 2.2.7-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "model": "websphere application server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.11"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.43"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.47"
          },
          {
            "model": "interstage application server enterprise edition 9.1.0b",
            "scope": null,
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "model": "interstage studio enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.1"
          },
          {
            "model": "interstage application server standard-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.2"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.46"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.2"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.44"
          },
          {
            "model": "interstage application server standard-j edition a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.0"
          },
          {
            "model": "communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.40"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.1"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.14"
          },
          {
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.4"
          },
          {
            "model": "interstage studio standard-j edition b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.1.0"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#280613"
          },
          {
            "db": "BID",
            "id": "38580"
          },
          {
            "db": "BID",
            "id": "38494"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001633"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0434"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:apache:http_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ibm:http_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ibm:websphere_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:apple:mac_os_x",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:oracle:opensolaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:http_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:oracle:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_client",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:hp:apache-based_web_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_eus",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:hitachi:hitachi_web_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001174"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Philip Pickett",
        "sources": [
          {
            "db": "BID",
            "id": "38580"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2010-0434",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2010-0434",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.1,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2011-001633",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2010-0434",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2010-0434",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2011-001633",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "VULMON",
                "id": "CVE-2010-0434",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2010-0434"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001633"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0434"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. The Apache mod_isapi module can be forced to unload a specific library before the processing of a request is complete, resulting in memory corruption. This vulnerability may allow a remote attacker to execute arbitrary code. When using the header customization function through the RequestHeader directive of Hitachi Web Server, if the RequestHeader directive is defined and the mod_headers module is being used through the LoadModule directive, it could allow an attacker to gain access to the data that have been deleted from the memory. If the header customization function of the RequestHeader directive is not used, the vulnerability does not apply.An attacker may gain access to the data that have been deleted from the memory. Apache is prone to an information-disclosure vulnerability. \nAttackers can leverage this issue to gain access to sensitive information; attacks may also result in denial-of-service conditions. \nApache versions prior to 2.2.15 are affected. \nNOTE: This issue was previously described in BID 38494 (Apache  Multiple Security Vulnerabilities), but has been assigned its own record  to better document the vulnerability. \n \n Packages for 2008.0 are provided for Corporate Desktop 2008.0\n customers. \n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434\n http://svn.apache.org/viewvc?view=revision\u0026revision=917867\n http://httpd.apache.org/security/vulnerabilities_22.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n 23ff92149bae266e77a0dee41145e112  2008.0/i586/apache-base-2.2.6-8.5mdv2008.0.i586.rpm\n ddad03b1e60dc5ce8e7c9153ab37d45f  2008.0/i586/apache-devel-2.2.6-8.5mdv2008.0.i586.rpm\n a9285879e43c043e0f34cc78fc5258e4  2008.0/i586/apache-htcacheclean-2.2.6-8.5mdv2008.0.i586.rpm\n 9c78955e8d90fc50c11ccc586de3b6b0  2008.0/i586/apache-mod_authn_dbd-2.2.6-8.5mdv2008.0.i586.rpm\n 29152b393906d4092b002ad7f7fff4e5  2008.0/i586/apache-mod_cache-2.2.6-8.5mdv2008.0.i586.rpm\n 342b3554786301fb899c0d0643b9dd1f  2008.0/i586/apache-mod_dav-2.2.6-8.5mdv2008.0.i586.rpm\n 0af08060fc4d5c4cbc0ee3639471c89c  2008.0/i586/apache-mod_dbd-2.2.6-8.5mdv2008.0.i586.rpm\n 14be61e0738caf12de78792daf35442b  2008.0/i586/apache-mod_deflate-2.2.6-8.5mdv2008.0.i586.rpm\n de7a4078972db4b946a7005d294028fd  2008.0/i586/apache-mod_disk_cache-2.2.6-8.5mdv2008.0.i586.rpm\n 69aea451cea5fdfa8dce6df94e8131de  2008.0/i586/apache-mod_file_cache-2.2.6-8.5mdv2008.0.i586.rpm\n 0ec3642c409cbeffc75a4295fbc1d765  2008.0/i586/apache-mod_ldap-2.2.6-8.5mdv2008.0.i586.rpm\n 1e16a623413c47da5bc2a57a3d839931  2008.0/i586/apache-mod_mem_cache-2.2.6-8.5mdv2008.0.i586.rpm\n 54322826b45c5ac77c209f33923c25b5  2008.0/i586/apache-mod_proxy-2.2.6-8.5mdv2008.0.i586.rpm\n 8f6593751c159dac22d92dcc362fcc68  2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.5mdv2008.0.i586.rpm\n 74c5f10e73350e8dd9eb91292fbf6710  2008.0/i586/apache-mod_ssl-2.2.6-8.5mdv2008.0.i586.rpm\n df03dd3122074164ab2207df1b3906f7  2008.0/i586/apache-modules-2.2.6-8.5mdv2008.0.i586.rpm\n 7239241849577e927dee2ec82a002380  2008.0/i586/apache-mod_userdir-2.2.6-8.5mdv2008.0.i586.rpm\n 5abbfef70091199964222cd403e0568f  2008.0/i586/apache-mpm-event-2.2.6-8.5mdv2008.0.i586.rpm\n e8baea47b9696f38cd65bb559c9ef463  2008.0/i586/apache-mpm-itk-2.2.6-8.5mdv2008.0.i586.rpm\n 6f2594f741cc54926d001954794fcfb3  2008.0/i586/apache-mpm-prefork-2.2.6-8.5mdv2008.0.i586.rpm\n 6954839d001c2955b01c1e03cbeec01d  2008.0/i586/apache-mpm-worker-2.2.6-8.5mdv2008.0.i586.rpm\n 482ad712e30a79f684f085fb43e93879  2008.0/i586/apache-source-2.2.6-8.5mdv2008.0.i586.rpm \n 90d942cb17fff4eec4eb1dc7920b0f1c  2008.0/SRPMS/apache-2.2.6-8.5mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 29c5a43bbf3ad019e438c4024b15106f  2008.0/x86_64/apache-base-2.2.6-8.5mdv2008.0.x86_64.rpm\n 563da7a13d54748afc8cfa7255a8bb74  2008.0/x86_64/apache-devel-2.2.6-8.5mdv2008.0.x86_64.rpm\n 2f1ec678f8969edd1927fcb6098f2e45  2008.0/x86_64/apache-htcacheclean-2.2.6-8.5mdv2008.0.x86_64.rpm\n b7b89b683f672d30c2a072ab07da14cd  2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.5mdv2008.0.x86_64.rpm\n 924947249cf409c411c26de5d38841b3  2008.0/x86_64/apache-mod_cache-2.2.6-8.5mdv2008.0.x86_64.rpm\n fd976a7abea8a0d98afebfda596fb9e4  2008.0/x86_64/apache-mod_dav-2.2.6-8.5mdv2008.0.x86_64.rpm\n 0db499e7bd1530a5f61b01b75c162575  2008.0/x86_64/apache-mod_dbd-2.2.6-8.5mdv2008.0.x86_64.rpm\n a271f98bfd9fee474fd8ed6e32e7a4fd  2008.0/x86_64/apache-mod_deflate-2.2.6-8.5mdv2008.0.x86_64.rpm\n 9fa3c1ff2f71bdb4babd8a1ae05722ca  2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.5mdv2008.0.x86_64.rpm\n fff28aa3fd1952d2d8b679e376020610  2008.0/x86_64/apache-mod_file_cache-2.2.6-8.5mdv2008.0.x86_64.rpm\n d120a3b1941e24e3bf0404f09ca2bcc8  2008.0/x86_64/apache-mod_ldap-2.2.6-8.5mdv2008.0.x86_64.rpm\n eb4347aa9035aa0fe6b5026c7da10d46  2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.5mdv2008.0.x86_64.rpm\n 4767ac49d8d2e32fae207fe0a2313ca3  2008.0/x86_64/apache-mod_proxy-2.2.6-8.5mdv2008.0.x86_64.rpm\n e3d0ffa255bbbccb59fda7a1282d7179  2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.5mdv2008.0.x86_64.rpm\n 79fa1a0825bbbbcc4e72769b4520f8d3  2008.0/x86_64/apache-mod_ssl-2.2.6-8.5mdv2008.0.x86_64.rpm\n 70bf17490d2de9e961abcda95152f807  2008.0/x86_64/apache-modules-2.2.6-8.5mdv2008.0.x86_64.rpm\n a348607d816b11b0487c2e05e457a996  2008.0/x86_64/apache-mod_userdir-2.2.6-8.5mdv2008.0.x86_64.rpm\n 5cbfcc0a67b065e3e67e7e15f06d75ec  2008.0/x86_64/apache-mpm-event-2.2.6-8.5mdv2008.0.x86_64.rpm\n 4bc19735725da81eded3324c07a9a093  2008.0/x86_64/apache-mpm-itk-2.2.6-8.5mdv2008.0.x86_64.rpm\n 5547176fa7f2c19ba95f4ac8884bb4c7  2008.0/x86_64/apache-mpm-prefork-2.2.6-8.5mdv2008.0.x86_64.rpm\n 02ff8d0c41101e3098cee705a8201575  2008.0/x86_64/apache-mpm-worker-2.2.6-8.5mdv2008.0.x86_64.rpm\n f2bd828f8d60254eddeda242bd7696b0  2008.0/x86_64/apache-source-2.2.6-8.5mdv2008.0.x86_64.rpm \n 90d942cb17fff4eec4eb1dc7920b0f1c  2008.0/SRPMS/apache-2.2.6-8.5mdv2008.0.src.rpm\n\n Mandriva Linux 2009.0:\n 34551cae6c61ac433ffff6fa46c7cd59  2009.0/i586/apache-base-2.2.9-12.9mdv2009.0.i586.rpm\n 25481b74180228902d00080d9bfc226f  2009.0/i586/apache-devel-2.2.9-12.9mdv2009.0.i586.rpm\n 7281a4912ddac9696b7cd416f73ed281  2009.0/i586/apache-htcacheclean-2.2.9-12.9mdv2009.0.i586.rpm\n bd94ed481bd5a3e16818d40dd1dbcf3a  2009.0/i586/apache-mod_authn_dbd-2.2.9-12.9mdv2009.0.i586.rpm\n 3bb0ef08152e50a234daa555de7d4856  2009.0/i586/apache-mod_cache-2.2.9-12.9mdv2009.0.i586.rpm\n 5c0e6e70401c79e8a4842ad156d0b93e  2009.0/i586/apache-mod_dav-2.2.9-12.9mdv2009.0.i586.rpm\n 03eceff53b048314e6fb8fd3cb30cd2b  2009.0/i586/apache-mod_dbd-2.2.9-12.9mdv2009.0.i586.rpm\n ba8bf1747c9e2f7ec2bf33eb1e008787  2009.0/i586/apache-mod_deflate-2.2.9-12.9mdv2009.0.i586.rpm\n ff5778fa39d86582aed31af480a72475  2009.0/i586/apache-mod_disk_cache-2.2.9-12.9mdv2009.0.i586.rpm\n a78f8625e78c6d9042ea5f2fedc48bbc  2009.0/i586/apache-mod_file_cache-2.2.9-12.9mdv2009.0.i586.rpm\n 96abb0973a1636bdaa35b2c0e21c0f47  2009.0/i586/apache-mod_ldap-2.2.9-12.9mdv2009.0.i586.rpm\n 7b79b764bcd1682fbcd2bb7609379fa6  2009.0/i586/apache-mod_mem_cache-2.2.9-12.9mdv2009.0.i586.rpm\n a5d2a7bf906c9fa43ee427557107c628  2009.0/i586/apache-mod_proxy-2.2.9-12.9mdv2009.0.i586.rpm\n 12bca18d0968c38d832c26689f394d4f  2009.0/i586/apache-mod_proxy_ajp-2.2.9-12.9mdv2009.0.i586.rpm\n c3fa31437a6c7d2af1a8693941b2e4ea  2009.0/i586/apache-mod_ssl-2.2.9-12.9mdv2009.0.i586.rpm\n dccfc75d97f49c9bb4a31f64165fbc07  2009.0/i586/apache-modules-2.2.9-12.9mdv2009.0.i586.rpm\n 9b6e98c2d490ad471d7efbeb9b6f1882  2009.0/i586/apache-mod_userdir-2.2.9-12.9mdv2009.0.i586.rpm\n 72f53c32446474225c5d789446ff31be  2009.0/i586/apache-mpm-event-2.2.9-12.9mdv2009.0.i586.rpm\n 0a8bef467fc6ce9dcfb019934e400ddf  2009.0/i586/apache-mpm-itk-2.2.9-12.9mdv2009.0.i586.rpm\n 61fbfbb3a81996278e1ecc8ecb3bbea0  2009.0/i586/apache-mpm-peruser-2.2.9-12.9mdv2009.0.i586.rpm\n f97488bf62a402de4e069f099d19b946  2009.0/i586/apache-mpm-prefork-2.2.9-12.9mdv2009.0.i586.rpm\n 3d6a60af5f36580c1d408b776e38d7cb  2009.0/i586/apache-mpm-worker-2.2.9-12.9mdv2009.0.i586.rpm\n 1541f5510800ca16d411cc108d2f04e7  2009.0/i586/apache-source-2.2.9-12.9mdv2009.0.i586.rpm \n 90dbf41f264a031f26978b06eb61e3eb  2009.0/SRPMS/apache-2.2.9-12.9mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 3c46373187c18fc2120d6d8a06fbe800  2009.0/x86_64/apache-base-2.2.9-12.9mdv2009.0.x86_64.rpm\n 3a8b3154ec8a6a6d5157e369c82921fe  2009.0/x86_64/apache-devel-2.2.9-12.9mdv2009.0.x86_64.rpm\n 8632d86e56b89dbfd78728dec530313b  2009.0/x86_64/apache-htcacheclean-2.2.9-12.9mdv2009.0.x86_64.rpm\n e45065f760280c82ca41b39fab3af500  2009.0/x86_64/apache-mod_authn_dbd-2.2.9-12.9mdv2009.0.x86_64.rpm\n 7821495e78ea828b124feca1d0b5e3a4  2009.0/x86_64/apache-mod_cache-2.2.9-12.9mdv2009.0.x86_64.rpm\n ff24ea3ce6b79f27df1da57004b6b419  2009.0/x86_64/apache-mod_dav-2.2.9-12.9mdv2009.0.x86_64.rpm\n 812b0343ea5cbdce80b615aaaaa7b3d0  2009.0/x86_64/apache-mod_dbd-2.2.9-12.9mdv2009.0.x86_64.rpm\n 07f63e1efda4a8656fe4ce93c285c56f  2009.0/x86_64/apache-mod_deflate-2.2.9-12.9mdv2009.0.x86_64.rpm\n bec9164a4b906c91e8ce791d2a673475  2009.0/x86_64/apache-mod_disk_cache-2.2.9-12.9mdv2009.0.x86_64.rpm\n 5dec095d50fefc94ca3667ca5905c1de  2009.0/x86_64/apache-mod_file_cache-2.2.9-12.9mdv2009.0.x86_64.rpm\n e06416e1c8f4b86d7bc9a2bf09d3aa47  2009.0/x86_64/apache-mod_ldap-2.2.9-12.9mdv2009.0.x86_64.rpm\n 985ed3db05aab9093c6c739849a8f303  2009.0/x86_64/apache-mod_mem_cache-2.2.9-12.9mdv2009.0.x86_64.rpm\n f02c944bd14fef95f0528413be37d793  2009.0/x86_64/apache-mod_proxy-2.2.9-12.9mdv2009.0.x86_64.rpm\n 016eebea88ddf78fe9d9310de6f8b110  2009.0/x86_64/apache-mod_proxy_ajp-2.2.9-12.9mdv2009.0.x86_64.rpm\n 423a7dfdee11cc5685650a9e361d560a  2009.0/x86_64/apache-mod_ssl-2.2.9-12.9mdv2009.0.x86_64.rpm\n 3c513f39f64b52c48a7b3f9d6dbeca06  2009.0/x86_64/apache-modules-2.2.9-12.9mdv2009.0.x86_64.rpm\n c53cf2be3d49a43486f11d910d153993  2009.0/x86_64/apache-mod_userdir-2.2.9-12.9mdv2009.0.x86_64.rpm\n 68e8876c7ae3754d6e9130ad1a6df508  2009.0/x86_64/apache-mpm-event-2.2.9-12.9mdv2009.0.x86_64.rpm\n 0e21625ac42276652db827a225e4946a  2009.0/x86_64/apache-mpm-itk-2.2.9-12.9mdv2009.0.x86_64.rpm\n 31d61231859949f0c3202892cab66070  2009.0/x86_64/apache-mpm-peruser-2.2.9-12.9mdv2009.0.x86_64.rpm\n 2d7faa63bb78578104a13d7cba7ff7f6  2009.0/x86_64/apache-mpm-prefork-2.2.9-12.9mdv2009.0.x86_64.rpm\n f200e178f3335664205a57c47e55a158  2009.0/x86_64/apache-mpm-worker-2.2.9-12.9mdv2009.0.x86_64.rpm\n 28d29f445b09a9f04ca95c55defa73b3  2009.0/x86_64/apache-source-2.2.9-12.9mdv2009.0.x86_64.rpm \n 90dbf41f264a031f26978b06eb61e3eb  2009.0/SRPMS/apache-2.2.9-12.9mdv2009.0.src.rpm\n\n Mandriva Linux 2009.1:\n 75e56f4bed0e6e528154d10f6f31e0d2  2009.1/i586/apache-base-2.2.11-10.9mdv2009.1.i586.rpm\n 817e9bebbc2d720ce3fb4eac3e29e331  2009.1/i586/apache-devel-2.2.11-10.9mdv2009.1.i586.rpm\n 53195802184e37ee1f0a264d50d6cfd9  2009.1/i586/apache-htcacheclean-2.2.11-10.9mdv2009.1.i586.rpm\n f739e9b0a5d4c9040666aff71b2a4de8  2009.1/i586/apache-mod_authn_dbd-2.2.11-10.9mdv2009.1.i586.rpm\n ae55b8790089b2cd848158a5c82403b4  2009.1/i586/apache-mod_cache-2.2.11-10.9mdv2009.1.i586.rpm\n 40032b4ff396c906597ea2f091d0a82c  2009.1/i586/apache-mod_dav-2.2.11-10.9mdv2009.1.i586.rpm\n e9bfce9f9965db9befc0bbc7a879e873  2009.1/i586/apache-mod_dbd-2.2.11-10.9mdv2009.1.i586.rpm\n 247901cb194b62dcc07542a6da3b057e  2009.1/i586/apache-mod_deflate-2.2.11-10.9mdv2009.1.i586.rpm\n 5f77ece73f84e29d4f11fab5a6efc0ff  2009.1/i586/apache-mod_disk_cache-2.2.11-10.9mdv2009.1.i586.rpm\n 39bcb1885f9d8352ad9af136aeebe226  2009.1/i586/apache-mod_file_cache-2.2.11-10.9mdv2009.1.i586.rpm\n 233d3224ba30cc7833503c96a7c145ce  2009.1/i586/apache-mod_ldap-2.2.11-10.9mdv2009.1.i586.rpm\n a210e9f35669c26ad59cee64d8cede3a  2009.1/i586/apache-mod_mem_cache-2.2.11-10.9mdv2009.1.i586.rpm\n 7e99a85386b813662559d82225450280  2009.1/i586/apache-mod_proxy-2.2.11-10.9mdv2009.1.i586.rpm\n 318c104ac5f737f8becc5e6e27dc7d92  2009.1/i586/apache-mod_proxy_ajp-2.2.11-10.9mdv2009.1.i586.rpm\n 1634649022f993cbe2faeb47aa11efb6  2009.1/i586/apache-mod_ssl-2.2.11-10.9mdv2009.1.i586.rpm\n bd0b651dfb0fbfed27e68839d87b1e8f  2009.1/i586/apache-modules-2.2.11-10.9mdv2009.1.i586.rpm\n 2ec040a5a19ff5087dd63676dcd4d7d3  2009.1/i586/apache-mod_userdir-2.2.11-10.9mdv2009.1.i586.rpm\n 23f71dca2412d3d4c9f19636c6724788  2009.1/i586/apache-mpm-event-2.2.11-10.9mdv2009.1.i586.rpm\n e783f4497a37196cedb06ebf48e5cf88  2009.1/i586/apache-mpm-itk-2.2.11-10.9mdv2009.1.i586.rpm\n 69a26c4225a64cd01fead3037dfdb460  2009.1/i586/apache-mpm-peruser-2.2.11-10.9mdv2009.1.i586.rpm\n 9a6711b33371ada3cca710e3d077072f  2009.1/i586/apache-mpm-prefork-2.2.11-10.9mdv2009.1.i586.rpm\n bf8a0a578d905c83e6fb21652cf2efa8  2009.1/i586/apache-mpm-worker-2.2.11-10.9mdv2009.1.i586.rpm\n 27fd547651fa32ddaf2a49595f1cda94  2009.1/i586/apache-source-2.2.11-10.9mdv2009.1.i586.rpm \n 86177bd1b2993d442a45de0057ba3371  2009.1/SRPMS/apache-2.2.11-10.9mdv2009.1.src.rpm\n\n Mandriva Linux 2009.1/X86_64:\n b7493b7c24c69bd4d5d46d68015c1954  2009.1/x86_64/apache-base-2.2.11-10.9mdv2009.1.x86_64.rpm\n e03c8ac80281ac777d47175b5eefca80  2009.1/x86_64/apache-devel-2.2.11-10.9mdv2009.1.x86_64.rpm\n 39286b02f42bc078fba50b7ea2d35b53  2009.1/x86_64/apache-htcacheclean-2.2.11-10.9mdv2009.1.x86_64.rpm\n 198fcc2117c9d576d2d4b5fee6c43ca7  2009.1/x86_64/apache-mod_authn_dbd-2.2.11-10.9mdv2009.1.x86_64.rpm\n f49b0c5819625b44f201f0a35387ce50  2009.1/x86_64/apache-mod_cache-2.2.11-10.9mdv2009.1.x86_64.rpm\n 330eb48ed00ec971568b367bab7fc1b9  2009.1/x86_64/apache-mod_dav-2.2.11-10.9mdv2009.1.x86_64.rpm\n 4300c5bacef317a49a2a8ef443ad6a75  2009.1/x86_64/apache-mod_dbd-2.2.11-10.9mdv2009.1.x86_64.rpm\n 3a72f1c99806427d4485f246657a0bfa  2009.1/x86_64/apache-mod_deflate-2.2.11-10.9mdv2009.1.x86_64.rpm\n b506f65c8e4f0c0f82907a958cba9dbf  2009.1/x86_64/apache-mod_disk_cache-2.2.11-10.9mdv2009.1.x86_64.rpm\n a778167079f5510f54d896951bf5414e  2009.1/x86_64/apache-mod_file_cache-2.2.11-10.9mdv2009.1.x86_64.rpm\n efe84333004b0c1e1c1c24d05c63bc4f  2009.1/x86_64/apache-mod_ldap-2.2.11-10.9mdv2009.1.x86_64.rpm\n 9831767144c303e8035b72148c19acee  2009.1/x86_64/apache-mod_mem_cache-2.2.11-10.9mdv2009.1.x86_64.rpm\n 77d892f2a3f4fe750e335fcd77abed27  2009.1/x86_64/apache-mod_proxy-2.2.11-10.9mdv2009.1.x86_64.rpm\n 4be9610034ecc78e9c5f92f076cecbbe  2009.1/x86_64/apache-mod_proxy_ajp-2.2.11-10.9mdv2009.1.x86_64.rpm\n fa6ee038a22d7721936f4489caf9b74f  2009.1/x86_64/apache-mod_ssl-2.2.11-10.9mdv2009.1.x86_64.rpm\n a3ec6755a5f1642a8afc92477da13ccc  2009.1/x86_64/apache-modules-2.2.11-10.9mdv2009.1.x86_64.rpm\n 1ee56400bf6828c81bbea38a2d66c5cc  2009.1/x86_64/apache-mod_userdir-2.2.11-10.9mdv2009.1.x86_64.rpm\n df6155156b5896890dd47f72396f7624  2009.1/x86_64/apache-mpm-event-2.2.11-10.9mdv2009.1.x86_64.rpm\n 3c1d3f889db936fe85f2cb0a57d91470  2009.1/x86_64/apache-mpm-itk-2.2.11-10.9mdv2009.1.x86_64.rpm\n ce9c8d4886ba96907c878650226dc759  2009.1/x86_64/apache-mpm-peruser-2.2.11-10.9mdv2009.1.x86_64.rpm\n 85683f5c477867c69a8bfd1d4d32f800  2009.1/x86_64/apache-mpm-prefork-2.2.11-10.9mdv2009.1.x86_64.rpm\n 684902be8e369ddc9c2baefd83f37841  2009.1/x86_64/apache-mpm-worker-2.2.11-10.9mdv2009.1.x86_64.rpm\n c3247495ef79977074487ed254b9fc70  2009.1/x86_64/apache-source-2.2.11-10.9mdv2009.1.x86_64.rpm \n 86177bd1b2993d442a45de0057ba3371  2009.1/SRPMS/apache-2.2.11-10.9mdv2009.1.src.rpm\n\n Mandriva Linux 2010.0:\n e9927cf16ed8828131df85685f290708  2010.0/i586/apache-base-2.2.14-1.4mdv2010.0.i586.rpm\n b781078582f12f11ce00a2a771729a12  2010.0/i586/apache-devel-2.2.14-1.4mdv2010.0.i586.rpm\n 8b2b02fe15ab2674182bb36e92d5d6bb  2010.0/i586/apache-htcacheclean-2.2.14-1.4mdv2010.0.i586.rpm\n e3117be319f6007c1e32175dab3dd269  2010.0/i586/apache-mod_authn_dbd-2.2.14-1.4mdv2010.0.i586.rpm\n 2e140e4a25f125845e5303f613182728  2010.0/i586/apache-mod_cache-2.2.14-1.4mdv2010.0.i586.rpm\n 65ab42342f5ac48ca1ef81f3a1d484c6  2010.0/i586/apache-mod_dav-2.2.14-1.4mdv2010.0.i586.rpm\n 7dbd27994acad24b4da011a5225754a8  2010.0/i586/apache-mod_dbd-2.2.14-1.4mdv2010.0.i586.rpm\n 3e0312e8616b2a93c3ded9d0e98d3e01  2010.0/i586/apache-mod_deflate-2.2.14-1.4mdv2010.0.i586.rpm\n 1ea13c809fd1e85f8b6ff4e73811207f  2010.0/i586/apache-mod_disk_cache-2.2.14-1.4mdv2010.0.i586.rpm\n eb675bb1bb1e562335295e01ed84409d  2010.0/i586/apache-mod_file_cache-2.2.14-1.4mdv2010.0.i586.rpm\n 9bafae0ca87da81fb45b9f9f20c56472  2010.0/i586/apache-mod_ldap-2.2.14-1.4mdv2010.0.i586.rpm\n 594b51bbcbce61750bb084113a35f5d0  2010.0/i586/apache-mod_mem_cache-2.2.14-1.4mdv2010.0.i586.rpm\n a2cbbe7507ea6cbeb565eb5bd6e58499  2010.0/i586/apache-mod_proxy-2.2.14-1.4mdv2010.0.i586.rpm\n 9f05ff1033b165af62c43625e2f2248d  2010.0/i586/apache-mod_proxy_ajp-2.2.14-1.4mdv2010.0.i586.rpm\n 5ee996ba6e070f6ce9a2ad96c38d1579  2010.0/i586/apache-mod_proxy_scgi-2.2.14-1.4mdv2010.0.i586.rpm\n d77c2d33a0acb0621ae01236a9bd2ea8  2010.0/i586/apache-mod_ssl-2.2.14-1.4mdv2010.0.i586.rpm\n cc394176445ec7e29e7058135e0d16a5  2010.0/i586/apache-modules-2.2.14-1.4mdv2010.0.i586.rpm\n d66e24d8bd336f344d69e5ab0e2ed665  2010.0/i586/apache-mod_userdir-2.2.14-1.4mdv2010.0.i586.rpm\n 4ae88b5189af8e2788261c0e8c44183e  2010.0/i586/apache-mpm-event-2.2.14-1.4mdv2010.0.i586.rpm\n 436cee9cce6eec793421daf8a36166f8  2010.0/i586/apache-mpm-itk-2.2.14-1.4mdv2010.0.i586.rpm\n 86708b2499826cca8bb771a90181f299  2010.0/i586/apache-mpm-peruser-2.2.14-1.4mdv2010.0.i586.rpm\n d087904ee7871d5870fa8863e14d79eb  2010.0/i586/apache-mpm-prefork-2.2.14-1.4mdv2010.0.i586.rpm\n 5a09521d5d7c3051f3036c734315d7c6  2010.0/i586/apache-mpm-worker-2.2.14-1.4mdv2010.0.i586.rpm\n 4e4674ec021b6f049694d945d2da8362  2010.0/i586/apache-source-2.2.14-1.4mdv2010.0.i586.rpm \n e94893f474b2777db10de23fdab07e99  2010.0/SRPMS/apache-2.2.14-1.4mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 3a9b16453f85ba791b755c70880f4bb6  2010.0/x86_64/apache-base-2.2.14-1.4mdv2010.0.x86_64.rpm\n 4a8f74864d709908d9a4e37371a55015  2010.0/x86_64/apache-devel-2.2.14-1.4mdv2010.0.x86_64.rpm\n 68c08f5e75e65d8a1ee46a487a145ad1  2010.0/x86_64/apache-htcacheclean-2.2.14-1.4mdv2010.0.x86_64.rpm\n b16c9e431c3a150fd711dc2563c1124c  2010.0/x86_64/apache-mod_authn_dbd-2.2.14-1.4mdv2010.0.x86_64.rpm\n 7ab650ea5dfcf70692b7309b6755946e  2010.0/x86_64/apache-mod_cache-2.2.14-1.4mdv2010.0.x86_64.rpm\n 47d19ce5b7e26832f48e2ba8416dedfb  2010.0/x86_64/apache-mod_dav-2.2.14-1.4mdv2010.0.x86_64.rpm\n fd4ef2c9ae898cbffd1416037f92c5ae  2010.0/x86_64/apache-mod_dbd-2.2.14-1.4mdv2010.0.x86_64.rpm\n 80fa6fa1a47561803bbf77ec9910afd8  2010.0/x86_64/apache-mod_deflate-2.2.14-1.4mdv2010.0.x86_64.rpm\n e3320d59d9ea09562a56dbb4f88222ee  2010.0/x86_64/apache-mod_disk_cache-2.2.14-1.4mdv2010.0.x86_64.rpm\n 4234449b5ae220e69d7ba010bad00ba6  2010.0/x86_64/apache-mod_file_cache-2.2.14-1.4mdv2010.0.x86_64.rpm\n b420809b9fb623d8b553208724004367  2010.0/x86_64/apache-mod_ldap-2.2.14-1.4mdv2010.0.x86_64.rpm\n 51a6156b7a3610cafaebe0e5ea7c9782  2010.0/x86_64/apache-mod_mem_cache-2.2.14-1.4mdv2010.0.x86_64.rpm\n e13d2cea8bdb4c6d962094e7d284ac30  2010.0/x86_64/apache-mod_proxy-2.2.14-1.4mdv2010.0.x86_64.rpm\n 95932094d507bf5b41b582b554deff2c  2010.0/x86_64/apache-mod_proxy_ajp-2.2.14-1.4mdv2010.0.x86_64.rpm\n c68f9ba9d1a7917afff7a317712b098a  2010.0/x86_64/apache-mod_proxy_scgi-2.2.14-1.4mdv2010.0.x86_64.rpm\n 370de7fb272511910ad0a8278e8e65f3  2010.0/x86_64/apache-mod_ssl-2.2.14-1.4mdv2010.0.x86_64.rpm\n 9a6a05d650d0947afa1a6a3645f11371  2010.0/x86_64/apache-modules-2.2.14-1.4mdv2010.0.x86_64.rpm\n e9b8d38fa9f94fa840c5a781c90ed412  2010.0/x86_64/apache-mod_userdir-2.2.14-1.4mdv2010.0.x86_64.rpm\n 3f3476045c8b28c7bfd65f496d3f24c9  2010.0/x86_64/apache-mpm-event-2.2.14-1.4mdv2010.0.x86_64.rpm\n 07539efe82ed475c622541c162771a27  2010.0/x86_64/apache-mpm-itk-2.2.14-1.4mdv2010.0.x86_64.rpm\n 74d7fd8b49f996061b375c155f1f1630  2010.0/x86_64/apache-mpm-peruser-2.2.14-1.4mdv2010.0.x86_64.rpm\n f88aefd516b55db68839efc32af91073  2010.0/x86_64/apache-mpm-prefork-2.2.14-1.4mdv2010.0.x86_64.rpm\n 4356cebc14ee955781b48b51bed98016  2010.0/x86_64/apache-mpm-worker-2.2.14-1.4mdv2010.0.x86_64.rpm\n f88857e7a76c59196a3736b665d94080  2010.0/x86_64/apache-source-2.2.14-1.4mdv2010.0.x86_64.rpm \n e94893f474b2777db10de23fdab07e99  2010.0/SRPMS/apache-2.2.14-1.4mdv2010.0.src.rpm\n\n Corporate 4.0:\n 668c6d9467773b4482233a474a7d792e  corporate/4.0/i586/apache-base-2.2.3-1.11.20060mlcs4.i586.rpm\n eaf9c8c593b700877d7d833f06056fe1  corporate/4.0/i586/apache-devel-2.2.3-1.11.20060mlcs4.i586.rpm\n 2b29abe3f2a0b774492bac9c249aca0a  corporate/4.0/i586/apache-htcacheclean-2.2.3-1.11.20060mlcs4.i586.rpm\n c70b3d5dd5111bdfa001cbff301f6c41  corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.11.20060mlcs4.i586.rpm\n 7906cc2799e66bdf2fc48be55926fe98  corporate/4.0/i586/apache-mod_cache-2.2.3-1.11.20060mlcs4.i586.rpm\n ee55e3d1a8e6263726caa85db1bb570f  corporate/4.0/i586/apache-mod_dav-2.2.3-1.11.20060mlcs4.i586.rpm\n d36275603d7c7eec7f593f8a7668b58c  corporate/4.0/i586/apache-mod_dbd-2.2.3-1.11.20060mlcs4.i586.rpm\n 10eb8dac17e94a340167d142eb2e83fd  corporate/4.0/i586/apache-mod_deflate-2.2.3-1.11.20060mlcs4.i586.rpm\n 9c70e39afb80762e7b668cea550ed67a  corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.11.20060mlcs4.i586.rpm\n 196433f929fe1198e3e760b7f1c92767  corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.11.20060mlcs4.i586.rpm\n 3303a316fa6f7f7bcfc57361a2ca7941  corporate/4.0/i586/apache-mod_ldap-2.2.3-1.11.20060mlcs4.i586.rpm\n a0d6f7df0f8654cf96e11a411ec61c79  corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.11.20060mlcs4.i586.rpm\n 75f4397b7f0fdf966c160f8d8d088396  corporate/4.0/i586/apache-mod_proxy-2.2.3-1.11.20060mlcs4.i586.rpm\n 2e20cfa63e8e6cef8c32db70a9bc9800  corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.11.20060mlcs4.i586.rpm\n e0c7446fff348dda594a07324a1d11aa  corporate/4.0/i586/apache-mod_ssl-2.2.3-1.11.20060mlcs4.i586.rpm\n d4c567cc1987747a48885a9b1f980a9e  corporate/4.0/i586/apache-modules-2.2.3-1.11.20060mlcs4.i586.rpm\n 855a41782047ee044f9a21f6071d86f1  corporate/4.0/i586/apache-mod_userdir-2.2.3-1.11.20060mlcs4.i586.rpm\n 08847dbd61763241c5a324a4968f8062  corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.11.20060mlcs4.i586.rpm\n 9d8564218ed1e042aee73935b849346f  corporate/4.0/i586/apache-mpm-worker-2.2.3-1.11.20060mlcs4.i586.rpm\n 65fdccb338608a8db640aacbaa05ff61  corporate/4.0/i586/apache-source-2.2.3-1.11.20060mlcs4.i586.rpm \n 09933b8326a89a171a12808354acd8cf  corporate/4.0/SRPMS/apache-2.2.3-1.11.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n f52950591695b1acf0a623ca6c3d25a7  corporate/4.0/x86_64/apache-base-2.2.3-1.11.20060mlcs4.x86_64.rpm\n 9a37c7ce2aee7130bd13ce7458868065  corporate/4.0/x86_64/apache-devel-2.2.3-1.11.20060mlcs4.x86_64.rpm\n 7aa953fcdecb937530a2ef6a0b945867  corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.11.20060mlcs4.x86_64.rpm\n 9a0a976e094b004eb5bca13ac47d14c9  corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.11.20060mlcs4.x86_64.rpm\n bf78b0f1dc8c99908dba3fab47c51aa8  corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.11.20060mlcs4.x86_64.rpm\n 0b6652d44db18642e0a26a675ccae2d2  corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.11.20060mlcs4.x86_64.rpm\n 46b638e9045512672b62bff8d2996406  corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.11.20060mlcs4.x86_64.rpm\n b8b71e3dcf4745a20ef0294342b2ea18  corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.11.20060mlcs4.x86_64.rpm\n a97ba505ddeb185bcf9900def4151f33  corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.11.20060mlcs4.x86_64.rpm\n e0ad4578f1fa0aa35ff3228d48bc6ddd  corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.11.20060mlcs4.x86_64.rpm\n ed8221c22f6c1aa8f7122b41e3590b2b  corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.11.20060mlcs4.x86_64.rpm\n b9f9d4c8a9c05601e535b274d4d2925d  corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.11.20060mlcs4.x86_64.rpm\n b54558074746ad5ded4dfb8b1f98bed3  corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.11.20060mlcs4.x86_64.rpm\n f22fd7036529b6e989ce15a064decda7  corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.11.20060mlcs4.x86_64.rpm\n 6a1aa90a04d512268ebec80efe8c6604  corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.11.20060mlcs4.x86_64.rpm\n 0abaf16c45ddc32a74af0a0197ee516e  corporate/4.0/x86_64/apache-modules-2.2.3-1.11.20060mlcs4.x86_64.rpm\n 6bf9fb8cbea2382ee4599cc564cf616b  corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.11.20060mlcs4.x86_64.rpm\n e1c5c7edde8868cfa9c50048c73cdfde  corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.11.20060mlcs4.x86_64.rpm\n aed1f4d44d52e7c57ab5b2315d1eb5de  corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.11.20060mlcs4.x86_64.rpm\n 79e7e8cbabd87b695079d17ea87a8f22  corporate/4.0/x86_64/apache-source-2.2.3-1.11.20060mlcs4.x86_64.rpm \n 09933b8326a89a171a12808354acd8cf  corporate/4.0/SRPMS/apache-2.2.3-1.11.20060mlcs4.src.rpm\n\n Mandriva Enterprise Server 5:\n ab753cc4d946b437ae2ccb92bc693214  mes5/i586/apache-base-2.2.9-12.9mdvmes5.i586.rpm\n b803256b19d3d6d67c4d0a8bb393b8e8  mes5/i586/apache-devel-2.2.9-12.9mdvmes5.i586.rpm\n aee26793a2a498fa6dc2f265759d5814  mes5/i586/apache-htcacheclean-2.2.9-12.9mdvmes5.i586.rpm\n bb56d96f1f9cb12da0c93fa5e8ced62c  mes5/i586/apache-mod_authn_dbd-2.2.9-12.9mdvmes5.i586.rpm\n db388a6e86da85b0345549a769838338  mes5/i586/apache-mod_cache-2.2.9-12.9mdvmes5.i586.rpm\n 709a73e958cf8ea5e0e4e6de042a9616  mes5/i586/apache-mod_dav-2.2.9-12.9mdvmes5.i586.rpm\n 0c56296747ba09a45f3fdb65fe98289a  mes5/i586/apache-mod_dbd-2.2.9-12.9mdvmes5.i586.rpm\n 3919222f07bc617a67cd71bf5fcfbced  mes5/i586/apache-mod_deflate-2.2.9-12.9mdvmes5.i586.rpm\n 2bbc3c0f442d8cae8365c876a5ded950  mes5/i586/apache-mod_disk_cache-2.2.9-12.9mdvmes5.i586.rpm\n 17c669c5adb8cffb402ac967a9f7a422  mes5/i586/apache-mod_file_cache-2.2.9-12.9mdvmes5.i586.rpm\n 1525f35fab129296b804e5f17d18a6e9  mes5/i586/apache-mod_ldap-2.2.9-12.9mdvmes5.i586.rpm\n 86c8298f449398214cb3b8a5f399e790  mes5/i586/apache-mod_mem_cache-2.2.9-12.9mdvmes5.i586.rpm\n 04768b92d82a98f509231d4c870a1623  mes5/i586/apache-mod_proxy-2.2.9-12.9mdvmes5.i586.rpm\n 27cdd5af7a1c4537b0aad63eba70d561  mes5/i586/apache-mod_proxy_ajp-2.2.9-12.9mdvmes5.i586.rpm\n 0735424a7025fd9fec0364615a89399a  mes5/i586/apache-mod_ssl-2.2.9-12.9mdvmes5.i586.rpm\n a7ab1086cd5749fd546d006990240e8a  mes5/i586/apache-modules-2.2.9-12.9mdvmes5.i586.rpm\n 3ceb930ab6712f703342e831e1d11eca  mes5/i586/apache-mod_userdir-2.2.9-12.9mdvmes5.i586.rpm\n e8ec84e75a90188c5382e22f468f9cc6  mes5/i586/apache-mpm-event-2.2.9-12.9mdvmes5.i586.rpm\n 79139ce85dcc5852013bb94b045728b8  mes5/i586/apache-mpm-itk-2.2.9-12.9mdvmes5.i586.rpm\n 3ca13b36cde107ba6256f8c6881ae3ff  mes5/i586/apache-mpm-peruser-2.2.9-12.9mdvmes5.i586.rpm\n bff93a0aae65d96a98465b8743d24097  mes5/i586/apache-mpm-prefork-2.2.9-12.9mdvmes5.i586.rpm\n f31d43be7ef441542cdf5277a951bd13  mes5/i586/apache-mpm-worker-2.2.9-12.9mdvmes5.i586.rpm\n f0a69821d26df25985425d1e240d22eb  mes5/i586/apache-source-2.2.9-12.9mdvmes5.i586.rpm \n e77b08e4049e35c70caf5a9772fcb4d6  mes5/SRPMS/apache-2.2.9-12.9mdvmes5.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n b5c4364550d30cadcb8da1713da1be43  mes5/x86_64/apache-base-2.2.9-12.9mdvmes5.x86_64.rpm\n 65cfde8292d15799777a1c0bf127c078  mes5/x86_64/apache-devel-2.2.9-12.9mdvmes5.x86_64.rpm\n 11cbc22e93750a05a7c9ac978542dc0d  mes5/x86_64/apache-htcacheclean-2.2.9-12.9mdvmes5.x86_64.rpm\n 603506340ac0226b47e837523a224ccc  mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.9mdvmes5.x86_64.rpm\n 6b00730124b1155e9e2093b2703549b0  mes5/x86_64/apache-mod_cache-2.2.9-12.9mdvmes5.x86_64.rpm\n 85996a15d22fc079e980caa59e8d4ec4  mes5/x86_64/apache-mod_dav-2.2.9-12.9mdvmes5.x86_64.rpm\n 23536fc192a03183b4205cccd26ca9a8  mes5/x86_64/apache-mod_dbd-2.2.9-12.9mdvmes5.x86_64.rpm\n 92e853e261b90443477cffe13d2003c2  mes5/x86_64/apache-mod_deflate-2.2.9-12.9mdvmes5.x86_64.rpm\n 9cfe368d3426e7db68eb3028f5859252  mes5/x86_64/apache-mod_disk_cache-2.2.9-12.9mdvmes5.x86_64.rpm\n 7def06fe5ea594bff7c2c56b0fd702cd  mes5/x86_64/apache-mod_file_cache-2.2.9-12.9mdvmes5.x86_64.rpm\n 8d5e9d9068fd593b39049135b952de3a  mes5/x86_64/apache-mod_ldap-2.2.9-12.9mdvmes5.x86_64.rpm\n 08d7f342b798fbac376b3b98d9b63a8d  mes5/x86_64/apache-mod_mem_cache-2.2.9-12.9mdvmes5.x86_64.rpm\n bc4ae67984c3ff95a6e743f055bdb820  mes5/x86_64/apache-mod_proxy-2.2.9-12.9mdvmes5.x86_64.rpm\n c7001da2dda0f9f6c123deedc6838c92  mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.9mdvmes5.x86_64.rpm\n ccebc8825a1e0cfe646e69ac3f69979c  mes5/x86_64/apache-mod_ssl-2.2.9-12.9mdvmes5.x86_64.rpm\n f6e8bd9997495e029c5116946309e674  mes5/x86_64/apache-modules-2.2.9-12.9mdvmes5.x86_64.rpm\n 0df2b76a7584cdd338ea3a07dc638f91  mes5/x86_64/apache-mod_userdir-2.2.9-12.9mdvmes5.x86_64.rpm\n 0da8cb061c0e998873ae918632779c91  mes5/x86_64/apache-mpm-event-2.2.9-12.9mdvmes5.x86_64.rpm\n 4a10c80635de94349ecea9d2a4f47f6f  mes5/x86_64/apache-mpm-itk-2.2.9-12.9mdvmes5.x86_64.rpm\n 85226385f0c88832485bf4cd5971bccc  mes5/x86_64/apache-mpm-peruser-2.2.9-12.9mdvmes5.x86_64.rpm\n bb68e58098534428bb50f440a5b527e6  mes5/x86_64/apache-mpm-prefork-2.2.9-12.9mdvmes5.x86_64.rpm\n 359057702b8979d498c01e290ada60bf  mes5/x86_64/apache-mpm-worker-2.2.9-12.9mdvmes5.x86_64.rpm\n 1ab2afc3b67ebef018b54326e1316192  mes5/x86_64/apache-source-2.2.9-12.9mdvmes5.x86_64.rpm \n e77b08e4049e35c70caf5a9772fcb4d6  mes5/SRPMS/apache-2.2.9-12.9mdvmes5.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFLkqZUmqjQ0CJFipgRAi2DAKDqzmVn1xVe0S9g4aPVNUZ1agLOfQCgyOLQ\nCroOeqtSuQuKm9aO+TC3+rE=\n=g/4G\n-----END PGP SIGNATURE-----\n. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker might obtain sensitive information, gain privileges,\nsend requests to unintended servers behind proxies, bypass certain\nsecurity restrictions, obtain the values of HTTPOnly cookies, or cause\na Denial of Service in various ways. \n\nA local attacker could gain escalated privileges. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache HTTP Server users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.2.22-r1\"\n\nReferences\n==========\n\n[  1 ] CVE-2010-0408\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0408\n[  2 ] CVE-2010-0434\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0434\n[  3 ] CVE-2010-1452\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1452\n[  4 ] CVE-2010-2791\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2791\n[  5 ] CVE-2011-3192\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3192\n[  6 ] CVE-2011-3348\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3348\n[  7 ] CVE-2011-3368\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3368\n[  8 ] CVE-2011-3607\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607\n[  9 ] CVE-2011-4317\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4317\n[ 10 ] CVE-2012-0021\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0021\n[ 11 ] CVE-2012-0031\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0031\n[ 12 ] CVE-2012-0053\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0053\n[ 13 ] CVE-2012-0883\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-25.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\n\nUse WSUS to deploy 3rd party patches\n\nPublic BETA\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nApache HTTP Server Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA38776\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/38776/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Apache HTTP Server, where\none has unknown impacts and others can be exploited by malicious\npeople to gain access to potentially sensitive information or cause a\nDoS (Denial of Service). \n\n1) The \"ap_proxy_ajp_request()\" function in\nmodules/proxy/mod_proxy_ajp.c of the mod_proxy_ajp module returns the\n\"HTTP_INTERNAL_SERVER_ERROR\" error code when processing certain\nmalformed requests. This can be exploited to put the backend server\ninto an error state until the retry timeout expired by sending\nspecially crafted requests. \n\n3) An error exists within the header handling when processing\nsubrequests, which can lead to sensitive information from a request\nbeing handled by the wrong thread if a multi-threaded\nMulti-Processing Module (MPM) is used. \n\nVulnerabilities #1 and #3 are reported in version 2.2.0, 2.2.2,\n2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.8, 2.2.9, 2.2.11, 2.2.12, 2.2.13, and\n2.2.14. \n\nSOLUTION:\nFixed in httpd 2.2.15-dev. Update to version 2.2.15 as soon as it\nbecomes available. \n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) Reported by the vendor. \n3) Reported in a bug report by Philip Pickett\n\nORIGINAL ADVISORY:\nhttp://httpd.apache.org/security/vulnerabilities_22.html\nhttp://svn.apache.org/viewvc?view=revision\u0026revision=917875 \nhttp://svn.apache.org/viewvc?view=revision\u0026revision=917870\nhttps://issues.apache.org/bugzilla/show_bug.cgi?id=48359\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2010-0014\nSynopsis:          VMware Workstation, Player, and ACE address several\n                   security issues. \nIssue date:        2010-09-23\nUpdated on:        2010-09-23 (initial release of advisory)\nCVE numbers:       CVE-2010-3277 CVE-2010-1205 CVE-2010-0205\n                   CVE-2010-2249 CVE-2010-0434 CVE-2010-0425\n- ------------------------------------------------------------------------\n\n1. Summary\n\n   VMware Workstation and Player address a potential installer security\n   issue and security issues in libpng. VMware ACE Management Server\n   (AMS) for Windows updates Apache httpd. \n\n2. Relevant releases\n\n   VMware Workstation 7.1.1 and earlier,\n   VMware Player 3.1.1 and earlier,\n   VMware ACE Management Server 2.7.1 and earlier,\n\n   Note: VMware Server was declared End Of Availability on January 2010,\n         support will be limited to Technical Guidance for the duration\n         of the support term. \n\n3. Problem Description\n\n a. VMware Workstation and Player installer security issue\n\n    The Workstation 7.x and Player 3.x installers will load an index.htm\n    file located in the current working directory on which Workstation\n    7.x or Player 3.x is being installed. This may allow an attacker to\n    display a malicious file if they manage to get their file onto the\n    system prior to installation. \n\n    The issue can only be exploited at the time that Workstation 7.x or\n    Player 3.x is being installed. The security issue is no longer present in\n    the installer of the new versions of Workstation 7.x and Player 3.x\n    (see table below for the version numbers). \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the name CVE-2010-3277 to this issue. \n\n    VMware would like to thank Alexander Trofimov and Marc Esher for\n    independently reporting this issue to VMware. \n\n    The following table lists what action remediates the vulnerability\n    (column 4) if a solution is available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    VirtualCenter  any       Windows  not affected\n\n    Workstation    7.x       any      7.1.2 build 301548 or later *\n    Workstation    6.5.x     any      not affected\n\n    Player         3.x       any      3.1.2 build 301548 or later *\n    Player         2.5.x     any      not affected\n\n    AMS            any       any      not affected\n\n    Server         any       any      not affected\n\n    Fusion         any       Mac OS/X not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            any       ESX      not affected\n\n * Note: This only affects the installer, if you have a version of\n         Workstation or Player installed you are not vulnerable. \n\n\n b. Third party libpng updated to version 1.2.44\n\n    A buffer overflow condition in libpng is addressed that could\n    potentially lead to code execution with the privileges of the\n    application using libpng. Two potential denial of service issues\n    are also addressed in the update. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2010-1205, CVE-2010-0205, CVE-2010-2249\n    to these issues. \n\n    The following table lists what action remediates the vulnerability\n    (column 4) if a solution is available. \n\n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    VirtualCenter  any       Windows  not affected\n\n    Workstation    7.1.x     any      7.1.2 build 301548 or later\n    Workstation    6.5.x     any      affected, patch pending\n\n    Player         3.1.x     any      3.1.2 build 301548 or later\n    Player         2.5.x     any      affected, patch pending\n\n    AMS            any       any      not affected\n\n    Server         any       any      affected, no patch planned\n\n    Fusion         any       Mac OS/X not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            any       ESX      not affected\n\n\n c. VMware ACE Management Server (AMS) for Windows updates Apache httpd\n    version 2.2.15. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    has assigned the names CVE-2010-0434 and CVE-2010-0425 to the\n    issues addressed in this update. \n\n    Column 4 of the following table lists the action required to\n    remediate the vulnerability in each release, if a solution is\n    available. \n\n    VMware         Product   Running  Replace with/\n    Product        Version   on       Apply Patch\n    =============  ========  =======  =================\n    VirtualCenter  any       Windows  not affected\n\n    Workstation    any       any      not affected\n\n    Player         any       any      not affected\n\n    AMS            any       Windows  2.7.2 build 301548 or later\n    AMS            any       Linux    affected, patch pending *\n\n    Server         any       any      not affected\n\n    Fusion         any       Mac OS/X not affected\n\n    ESXi           any       ESXi     not affected\n\n    ESX            any       ESX      not affected\n\n * Note CVE-2010-0425 is not applicable to AMS running on Linux\n\n4. Solution\n   Please review the patch/release notes for your product and version\n   and verify the md5sum and/or the sha1sum of your downloaded file. \n\n   VMware Workstation 7.1.2\n   ------------------------\n   http://www.vmware.com/download/ws/\n   Release notes:\n   http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html\n\n   Workstation for Windows 32-bit and 64-bit with VMware Tools\t\n   md5sum: 2e9715ec297dc3ca904ad2707d3e2614\n   sha1sum: 55b2b99f67c3dacd402fb9880999086efd264e7a\n\n   Workstation for Windows 32-bit and 64-bit without VMware Tools\t\n   md5sum: 066929f59aef46f11f4d9fd6c6b36e4d\n   sha1sum: def776a28ee1a21b1ad26e836ae868551fff6fc3\n\n   VMware Player 3.1.2\n   -------------------\n   http://www.vmware.com/download/player/\n   Release notes:\n\nhttp://downloads.vmware.com/support/player31/doc/releasenotes_player312.html\n\n   VMware Player for Windows 32-bit and 64-bit\t\n   md5sum: 3f289cb33af5e425c92d8512fb22a7ba\n   sha1sum: bf67240c1f410ebeb8dcb4f6d7371334bf9a6b70\n\n   VMware Player for Linux 32-bit\t\n   md5sum: 11e3e3e8753e1d9abbbb92c4e3c1dfe8\n   sha1sum: dd1dbcdb1f4654eefc11472b68934dcb69842749\n\n   VMware Player for Linux 64-bit\t\n   md5sum: 2ab08e0d4050719845a64d334ca15bb1\n   sha1sum: f024ad84ec831fce8667dfa9601851da5d9fa59c\n\n   VMware ACE Management Server 2.7.2\n   ----------------------------------\n   http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7\n   Release notes:\n   http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html\n\n   ACE Management Server for Windows\t\n   md5sum: 02f0072b8e48a98ed914b633f070d550\n   sha1sum: 94a68eac4a328d21a741879b9d063227c0dc1ce4\n\n5. References\n\n   CVE numbers\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3277\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n2010-09-23  VMSA-2010-0014\nInitial security advisory after release of Workstation 7.1.2,\nPlayer 3.1.2 and ACE Management Server 2.7.2 on 2010-09-23\n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n  * security-announce at lists.vmware.com\n  * bugtraq at securityfocus.com\n  * full-disclosure at lists.grok.org.uk\n\nE-mail:  security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware Security Advisories\nhttp://www.vmware.com/security/advisoiries\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2010 VMware Inc.  All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (MingW32)\n\niEYEARECAAYFAkycSrQACgkQS2KysvBH1xmT9wCfbBUS4GYrJohz+QMLYcoiFmSh\neTgAoIAmx+ilbe2myj02daLjFrVQfQII\n=5jlh\n-----END PGP SIGNATURE-----\n. \n\nRelease Date: 2010-06-02\nLast Updated: 2010-06-02\n\n- -----------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized access\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite. \nHP-UX B.11.23, B.11.31 running Apache-based Web Server versions before v2.2.8.09\nHP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions before v2.0.59.15\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2009-3094    (AV:N/AC:H/Au:N/C:N/I:N/A:C)       5.4\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2010-0408    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2010-0740    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2010-0433    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2010-0434    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nNote: CVE-2009-3094, CVE-2009-3095 and 2010-0740 affect only HP-UX Web Server Suite v2.30;\nCVE-2010-0408, CVE-2010-0433 and CVE-2010-0434 affect only HP-UX Web Server Suite v3.09. \n\nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location:\n\nURL http://software.hp.com\n\nNote: HP-UX Web Server Suite v3.09 contains HP-UX Apache-based Web Server v2.2.8.09\nNote: HP-UX Web Server Suite v2.30 contains HP-UX Apache-based Web Server v2.0.59.15\n\nWeb Server Suite Version / HP-UX Release / Depot name\n\nWeb Server v3.09 / B.11.23 and B.11.31 PA-32 / HPUXWS22ATW-B309-32.depot\n\nWeb Server v3.09 / B.11.23 and B.11.31 IA-64 / HPUXWS22ATW-B309-64.depot\n\nWeb Server v2.30 / B.11.11 PA-32 / HPUXWSATW-B230-1111.depot\n\nWeb Server v2.30 / B.11.23 PA-32 / HPUXWSATW-B230-32.depot\n\nWeb Server v2.30 / B.11.23 IA-64 / HPUXWSATW-B230-64.depot\n\nWeb Server v2.30 / B.11.31 IA-32 / HPUXWSATW-B230-32-1131.depot\n\nWeb Server v2.30 / B.11.31 IA-64 / HPUXWSATW-B230-64-1131.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall Apache-based Web Server from the Apache Web Server Suite v2.30 or subsequent\nor\nInstall Apache-based Web Server from the Apache Web Server Suite v3.09 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nFor Web Server Suite before v3.09\nHP-UX B.11.23\n==================\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\naction: install revision B.2.2.8.09 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\naction: install revision B.2.2.8.09 or subsequent\n\nFor Web Server Suite before v2.30\nHP-UX B.11.11\n==================\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.15 or subsequent\n\nHP-UX B.11.23\n==================\nhpuxwsAPCH32.APACHE\nhpuxwsAPCH32.APACHE2\nhpuxwsAPCH32.AUTH_LDAP\nhpuxwsAPCH32.AUTH_LDAP2\nhpuxwsAPCH32.MOD_JK\nhpuxwsAPCH32.MOD_JK2\nhpuxwsAPCH32.MOD_PERL\nhpuxwsAPCH32.MOD_PERL2\nhpuxwsAPCH32.PHP\nhpuxwsAPCH32.PHP2\nhpuxwsAPCH32.WEBPROXY\naction: install revision B.2.0.59.15 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.15 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 2 June 2010 Initial release\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n    -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n    -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2010-0434"
          },
          {
            "db": "CERT/CC",
            "id": "VU#280613"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001633"
          },
          {
            "db": "BID",
            "id": "38580"
          },
          {
            "db": "BID",
            "id": "38494"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-0434"
          },
          {
            "db": "PACKETSTORM",
            "id": "86978"
          },
          {
            "db": "PACKETSTORM",
            "id": "114141"
          },
          {
            "db": "PACKETSTORM",
            "id": "86860"
          },
          {
            "db": "PACKETSTORM",
            "id": "94244"
          },
          {
            "db": "PACKETSTORM",
            "id": "90263"
          }
        ],
        "trust": 4.14
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2010-0434",
            "trust": 3.7
          },
          {
            "db": "BID",
            "id": "38494",
            "trust": 2.2
          },
          {
            "db": "SECUNIA",
            "id": "39115",
            "trust": 1.9
          },
          {
            "db": "SECUNIA",
            "id": "40096",
            "trust": 1.9
          },
          {
            "db": "SECUNIA",
            "id": "39100",
            "trust": 1.9
          },
          {
            "db": "SECUNIA",
            "id": "39628",
            "trust": 1.9
          },
          {
            "db": "SECUNIA",
            "id": "38776",
            "trust": 1.7
          },
          {
            "db": "BID",
            "id": "38580",
            "trust": 1.2
          },
          {
            "db": "CERT/CC",
            "id": "VU#280613",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "39656",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "39501",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "39632",
            "trust": 1.1
          },
          {
            "db": "VUPEN",
            "id": "ADV-2010-1057",
            "trust": 1.1
          },
          {
            "db": "VUPEN",
            "id": "ADV-2010-0994",
            "trust": 1.1
          },
          {
            "db": "VUPEN",
            "id": "ADV-2010-1001",
            "trust": 1.1
          },
          {
            "db": "VUPEN",
            "id": "ADV-2010-1411",
            "trust": 1.1
          },
          {
            "db": "VUPEN",
            "id": "ADV-2010-0911",
            "trust": 1.1
          },
          {
            "db": "XF",
            "id": "56625",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001174",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001633",
            "trust": 0.8
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-0434",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "86978",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "114141",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "86860",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "94244",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "90263",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#280613"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-0434"
          },
          {
            "db": "BID",
            "id": "38580"
          },
          {
            "db": "BID",
            "id": "38494"
          },
          {
            "db": "PACKETSTORM",
            "id": "86978"
          },
          {
            "db": "PACKETSTORM",
            "id": "114141"
          },
          {
            "db": "PACKETSTORM",
            "id": "86860"
          },
          {
            "db": "PACKETSTORM",
            "id": "94244"
          },
          {
            "db": "PACKETSTORM",
            "id": "90263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001633"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0434"
          }
        ]
      },
      "id": "VAR-201003-1105",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.17203079500000001
      },
      "last_update_date": "2026-03-07T21:44:14.572000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HS11-007",
            "trust": 1.6,
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-007/index.html"
          },
          {
            "title": "Fixed in Apache httpd 2.0.64",
            "trust": 0.8,
            "url": "http://httpd.apache.org/security/vulnerabilities_20.html#2.0.64"
          },
          {
            "title": "Fixed in Apache httpd 2.2.15",
            "trust": 0.8,
            "url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.15"
          },
          {
            "title": "917867",
            "trust": 0.8,
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=917867"
          },
          {
            "title": "HT4435",
            "trust": 0.8,
            "url": "http://support.apple.com/kb/HT4435"
          },
          {
            "title": "HT4435",
            "trust": 0.8,
            "url": "http://support.apple.com/kb/HT4435?viewlocale=ja_JP"
          },
          {
            "title": "httpd-2.2.3-31.4.0.1.AXS3",
            "trust": 0.8,
            "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1017"
          },
          {
            "title": "HPUXWSATW313",
            "trust": 0.8,
            "url": "https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW313"
          },
          {
            "title": "HPSBUX02531",
            "trust": 0.8,
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02160663"
          },
          {
            "title": "PM10658",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10658"
          },
          {
            "title": "PM08939",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM08939"
          },
          {
            "title": "7014463",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463#70011"
          },
          {
            "title": "7014506",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014506#70011"
          },
          {
            "title": "4026207",
            "trust": 0.8,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24026207"
          },
          {
            "title": "2216",
            "trust": 0.8,
            "url": "https://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2216"
          },
          {
            "title": "2044",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2044"
          },
          {
            "title": "Oracle Critical Patch Update Advisory - July 2013",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
          },
          {
            "title": "Text Form of Oracle Critical Patch Update - July 2013 Risk Matrices",
            "trust": 0.8,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013verbose-1899830.html"
          },
          {
            "title": "RHSA-2010:0168",
            "trust": 0.8,
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0168.html"
          },
          {
            "title": "RHSA-2010:0175",
            "trust": 0.8,
            "url": "https://rhn.redhat.com/errata/RHSA-2010-0175.html"
          },
          {
            "title": "multiple_vulnerabilities_in_the_apache",
            "trust": 0.8,
            "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache"
          },
          {
            "title": "July 2013 Critical Patch Update Released ",
            "trust": 0.8,
            "url": "https://blogs.oracle.com/security/entry/july_2013_critical_patch_update"
          },
          {
            "title": "TLSA-2010-9",
            "trust": 0.8,
            "url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-9j.txt"
          },
          {
            "title": "HS11-007",
            "trust": 0.8,
            "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-007/index.html"
          },
          {
            "title": "interstage_as_201002",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201002.html"
          },
          {
            "title": "Red Hat: Low: httpd security, bug fix, and enhancement update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100175 - Security Advisory"
          },
          {
            "title": "Red Hat: Moderate: httpd security and enhancement update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100168 - Security Advisory"
          },
          {
            "title": "Debian Security Advisories: DSA-2035-1 apache2 -- multiple issues",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=3811ba0094d0547e7396cfccd4bfa0e7"
          },
          {
            "title": "Ubuntu Security Notice: apache2 vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-908-1"
          },
          {
            "title": "Debian CVElist Bug Report Logs: \"slowloris\" denial-of-service vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5ed45f95901af77f1f752912d098b48e"
          },
          {
            "title": "Symantec Security Advisories: SA61 : Director multiple Apache vulnerabilities",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=508649a9a651b4fb32a5cc0f1310d652"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2010-0434 "
          },
          {
            "title": "Pentest-Cheetsheet",
            "trust": 0.1,
            "url": "https://github.com/MrFrozenPepe/Pentest-Cheetsheet "
          },
          {
            "title": "ReconScan",
            "trust": 0.1,
            "url": "https://github.com/GiJ03/ReconScan "
          },
          {
            "title": "ReconScan",
            "trust": 0.1,
            "url": "https://github.com/RoliSoft/ReconScan "
          },
          {
            "title": "test",
            "trust": 0.1,
            "url": "https://github.com/issdp/test "
          },
          {
            "title": "ReconScan",
            "trust": 0.1,
            "url": "https://github.com/kira1111/ReconScan "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/SecureAxom/strike "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/DButter/whitehat_public "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2010-0434"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001633"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001174"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0434"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "http://httpd.apache.org/security/vulnerabilities_22.html"
          },
          {
            "trust": 2.3,
            "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=48359"
          },
          {
            "trust": 1.9,
            "url": "http://www.securityfocus.com/bid/38494"
          },
          {
            "trust": 1.9,
            "url": "http://secunia.com/advisories/39628"
          },
          {
            "trust": 1.9,
            "url": "http://secunia.com/advisories/40096"
          },
          {
            "trust": 1.9,
            "url": "http://secunia.com/advisories/39100"
          },
          {
            "trust": 1.9,
            "url": "http://secunia.com/advisories/39115"
          },
          {
            "trust": 1.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0434"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/38776/"
          },
          {
            "trust": 1.7,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247"
          },
          {
            "trust": 1.7,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm08939"
          },
          {
            "trust": 1.7,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
          },
          {
            "trust": 1.6,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0434"
          },
          {
            "trust": 1.4,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm15829"
          },
          {
            "trust": 1.2,
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=917870"
          },
          {
            "trust": 1.2,
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=917867"
          },
          {
            "trust": 1.1,
            "url": "http://httpd.apache.org/security/vulnerabilities_20.html"
          },
          {
            "trust": 1.1,
            "url": " http://www.senseofsecurity.com.au/advisories/sos-10-002"
          },
          {
            "trust": 1.1,
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=918427"
          },
          {
            "trust": 1.1,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
          },
          {
            "trust": 1.1,
            "url": "http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/protocol.c?r1=917617\u0026r2=917867\u0026pathrev=917867\u0026diff_format=h"
          },
          {
            "trust": 1.1,
            "url": "http://www.redhat.com/support/errata/rhsa-2010-0168.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.redhat.com/support/errata/rhsa-2010-0175.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/39501"
          },
          {
            "trust": 1.1,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html"
          },
          {
            "trust": 1.1,
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2010/1057"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/39632"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2010/0911"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2010/0994"
          },
          {
            "trust": 1.1,
            "url": "http://www.debian.org/security/2010/dsa-2035"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2010/1001"
          },
          {
            "trust": 1.1,
            "url": "http://secunia.com/advisories/39656"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2010/1411"
          },
          {
            "trust": 1.1,
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/security/advisories/vmsa-2010-0014.html"
          },
          {
            "trust": 1.1,
            "url": "http://support.apple.com/kb/ht4435"
          },
          {
            "trust": 1.1,
            "url": "http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html"
          },
          {
            "trust": 1.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56625"
          },
          {
            "trust": 1.1,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8695"
          },
          {
            "trust": 1.1,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10358"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 0.9,
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=917875"
          },
          {
            "trust": 0.9,
            "url": "http://www.securityfocus.com/bid/38580"
          },
          {
            "trust": 0.9,
            "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache"
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/56625"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu331391"
          },
          {
            "trust": 0.6,
            "url": "http://httpd.apache.org/"
          },
          {
            "trust": 0.6,
            "url": "http://kolab.org/pipermail/kolab-announce/2010/000095.html"
          },
          {
            "trust": 0.6,
            "url": "http://support.avaya.com/css/p8/documents/100081009"
          },
          {
            "trust": 0.6,
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa61\u0026actp=list"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0434"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas2bf1cf911c7a90284862576ed003c73aa"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658"
          },
          {
            "trust": 0.3,
            "url": "http://support.avaya.com/css/p8/documents/100081010"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm09447"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201002e.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.kb.cert.org/vuls/id/280613"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0408"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/200.html"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2010:0175"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2010-0434"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/908-1/"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/./dsa-2035"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2791"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3368"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0031"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3192"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0408"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3368"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1452"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1452"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0053"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0883"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3348"
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4317"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0021"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3348"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3607"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/glsa/glsa-201206-25.xml"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3192"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883"
          },
          {
            "trust": 0.1,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0434"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2791"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security/advisoiries"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0205"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0425"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1205"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3277"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3277"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/1055"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1205"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0205"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0425"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2249"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/support/player31/doc/releasenotes_player312.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2249"
          },
          {
            "trust": 0.1,
            "url": "http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0740"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3094"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.1,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.1,
            "url": "https://www.hp.com/go/swa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0433"
          },
          {
            "trust": 0.1,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#280613"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-0434"
          },
          {
            "db": "BID",
            "id": "38580"
          },
          {
            "db": "BID",
            "id": "38494"
          },
          {
            "db": "PACKETSTORM",
            "id": "86978"
          },
          {
            "db": "PACKETSTORM",
            "id": "114141"
          },
          {
            "db": "PACKETSTORM",
            "id": "86860"
          },
          {
            "db": "PACKETSTORM",
            "id": "94244"
          },
          {
            "db": "PACKETSTORM",
            "id": "90263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001633"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0434"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#280613"
          },
          {
            "db": "VULMON",
            "id": "CVE-2010-0434"
          },
          {
            "db": "BID",
            "id": "38580"
          },
          {
            "db": "BID",
            "id": "38494"
          },
          {
            "db": "PACKETSTORM",
            "id": "86978"
          },
          {
            "db": "PACKETSTORM",
            "id": "114141"
          },
          {
            "db": "PACKETSTORM",
            "id": "86860"
          },
          {
            "db": "PACKETSTORM",
            "id": "94244"
          },
          {
            "db": "PACKETSTORM",
            "id": "90263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2010-001174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-001633"
          },
          {
            "db": "NVD",
            "id": "CVE-2010-0434"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2010-03-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#280613"
          },
          {
            "date": "2010-03-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2010-0434"
          },
          {
            "date": "2010-03-02T00:00:00",
            "db": "BID",
            "id": "38580"
          },
          {
            "date": "2010-03-02T00:00:00",
            "db": "BID",
            "id": "38494"
          },
          {
            "date": "2010-03-08T21:23:47",
            "db": "PACKETSTORM",
            "id": "86978"
          },
          {
            "date": "2012-06-24T23:54:52",
            "db": "PACKETSTORM",
            "id": "114141"
          },
          {
            "date": "2010-03-03T13:02:16",
            "db": "PACKETSTORM",
            "id": "86860"
          },
          {
            "date": "2010-09-25T18:50:30",
            "db": "PACKETSTORM",
            "id": "94244"
          },
          {
            "date": "2010-06-04T04:25:14",
            "db": "PACKETSTORM",
            "id": "90263"
          },
          {
            "date": "2010-03-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-001174"
          },
          {
            "date": "2011-06-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001633"
          },
          {
            "date": "2010-03-05T19:30:00.577000",
            "db": "NVD",
            "id": "CVE-2010-0434"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2010-03-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#280613"
          },
          {
            "date": "2023-02-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2010-0434"
          },
          {
            "date": "2015-04-13T21:39:00",
            "db": "BID",
            "id": "38580"
          },
          {
            "date": "2015-04-13T21:26:00",
            "db": "BID",
            "id": "38494"
          },
          {
            "date": "2014-05-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2010-001174"
          },
          {
            "date": "2014-05-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-001633"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2010-0434"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "38580"
          },
          {
            "db": "BID",
            "id": "38494"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Apache mod_isapi module library unload results in orphaned callback pointers",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#280613"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Design Error",
        "sources": [
          {
            "db": "BID",
            "id": "38580"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-201108-0132

    Vulnerability from variot - Updated: 2026-03-07 20:00

    The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. Apache HTTPD server contains a denial-of-service vulnerability in the way multiple overlapping ranges are handled. Both the 'Range' header and the 'Range-Request' header are vulnerable. An attack tool, commonly known as 'Apache Killer', has been released in the wild. The attack tool causes a significant increase in CPU and memory usage on the server. Successful exploits will result in a denial-of-service condition. ========================================================================== Ubuntu Security Notice USN-1199-1 September 01, 2011

    apache2 vulnerability

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 11.04
    • Ubuntu 10.10
    • Ubuntu 10.04 LTS
    • Ubuntu 8.04 LTS

    Summary:

    A remote attacker could send crafted input to Apache and cause it to crash.

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 11.04: apache2.2-bin 2.2.17-1ubuntu1.2

    Ubuntu 10.10: apache2.2-bin 2.2.16-1ubuntu3.3

    Ubuntu 10.04 LTS: apache2.2-bin 2.2.14-5ubuntu8.6

    Ubuntu 8.04 LTS: apache2-mpm-event 2.2.8-1ubuntu0.21 apache2-mpm-perchild 2.2.8-1ubuntu0.21 apache2-mpm-prefork 2.2.8-1ubuntu0.21 apache2-mpm-worker 2.2.8-1ubuntu0.21

    In general, a standard system update will make all the necessary changes. ----------------------------------------------------------------------

    The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242


    TITLE: Hitachi Web Server ByteRange Filter Denial of Service Vulnerability

    SECUNIA ADVISORY ID: SA45865

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45865/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45865

    RELEASE DATE: 2011-09-05

    DISCUSS ADVISORY: http://secunia.com/advisories/45865/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/45865/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=45865

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Hitachi has acknowledged a vulnerability in Hitachi Web Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

    ORIGINAL ADVISORY: Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS11-019/index.html

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    . HP System Management Homepage (SMH) before v7.0 running on Linux and Windows. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Summary:

    Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, 5.6 Extended Update Support, and 6.0 Extended Update Support.

    The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux (v. 5.3.LL server) - i386, ia64, x86_64 Red Hat Enterprise Linux Server (v. 6.0.z) - i386, noarch, ppc64, s390x, x86_64

    1. (CVE-2011-3192)

    All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

    1. Solution:

    Before applying this update, make sure all previously-released errata relevant to your system have been applied.

    This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

    1. Bugs fixed (http://bugzilla.redhat.com/):

    732928 - CVE-2011-3192 httpd: multiple ranges DoS

    1. Package List:

    Red Hat Enterprise Linux (v. 5.3.LL server):

    Source: httpd-2.2.3-22.el5_3.3.src.rpm

    i386: httpd-2.2.3-22.el5_3.3.i386.rpm httpd-debuginfo-2.2.3-22.el5_3.3.i386.rpm httpd-devel-2.2.3-22.el5_3.3.i386.rpm httpd-manual-2.2.3-22.el5_3.3.i386.rpm mod_ssl-2.2.3-22.el5_3.3.i386.rpm

    ia64: httpd-2.2.3-22.el5_3.3.ia64.rpm httpd-debuginfo-2.2.3-22.el5_3.3.ia64.rpm httpd-devel-2.2.3-22.el5_3.3.ia64.rpm httpd-manual-2.2.3-22.el5_3.3.ia64.rpm mod_ssl-2.2.3-22.el5_3.3.ia64.rpm

    x86_64: httpd-2.2.3-22.el5_3.3.x86_64.rpm httpd-debuginfo-2.2.3-22.el5_3.3.i386.rpm httpd-debuginfo-2.2.3-22.el5_3.3.x86_64.rpm httpd-devel-2.2.3-22.el5_3.3.i386.rpm httpd-devel-2.2.3-22.el5_3.3.x86_64.rpm httpd-manual-2.2.3-22.el5_3.3.x86_64.rpm mod_ssl-2.2.3-22.el5_3.3.x86_64.rpm

    Red Hat Enterprise Linux (v. 5 server):

    Source: httpd-2.2.3-45.el5_6.2.src.rpm

    i386: httpd-2.2.3-45.el5_6.2.i386.rpm httpd-debuginfo-2.2.3-45.el5_6.2.i386.rpm httpd-devel-2.2.3-45.el5_6.2.i386.rpm httpd-manual-2.2.3-45.el5_6.2.i386.rpm mod_ssl-2.2.3-45.el5_6.2.i386.rpm

    ia64: httpd-2.2.3-45.el5_6.2.ia64.rpm httpd-debuginfo-2.2.3-45.el5_6.2.ia64.rpm httpd-devel-2.2.3-45.el5_6.2.ia64.rpm httpd-manual-2.2.3-45.el5_6.2.ia64.rpm mod_ssl-2.2.3-45.el5_6.2.ia64.rpm

    ppc: httpd-2.2.3-45.el5_6.2.ppc.rpm httpd-debuginfo-2.2.3-45.el5_6.2.ppc.rpm httpd-debuginfo-2.2.3-45.el5_6.2.ppc64.rpm httpd-devel-2.2.3-45.el5_6.2.ppc.rpm httpd-devel-2.2.3-45.el5_6.2.ppc64.rpm httpd-manual-2.2.3-45.el5_6.2.ppc.rpm mod_ssl-2.2.3-45.el5_6.2.ppc.rpm

    s390x: httpd-2.2.3-45.el5_6.2.s390x.rpm httpd-debuginfo-2.2.3-45.el5_6.2.s390.rpm httpd-debuginfo-2.2.3-45.el5_6.2.s390x.rpm httpd-devel-2.2.3-45.el5_6.2.s390.rpm httpd-devel-2.2.3-45.el5_6.2.s390x.rpm httpd-manual-2.2.3-45.el5_6.2.s390x.rpm mod_ssl-2.2.3-45.el5_6.2.s390x.rpm

    x86_64: httpd-2.2.3-45.el5_6.2.x86_64.rpm httpd-debuginfo-2.2.3-45.el5_6.2.i386.rpm httpd-debuginfo-2.2.3-45.el5_6.2.x86_64.rpm httpd-devel-2.2.3-45.el5_6.2.i386.rpm httpd-devel-2.2.3-45.el5_6.2.x86_64.rpm httpd-manual-2.2.3-45.el5_6.2.x86_64.rpm mod_ssl-2.2.3-45.el5_6.2.x86_64.rpm

    Red Hat Enterprise Linux Server (v. 6.0.z):

    Source: httpd-2.2.15-5.el6_0.1.src.rpm

    i386: httpd-2.2.15-5.el6_0.1.i686.rpm httpd-debuginfo-2.2.15-5.el6_0.1.i686.rpm httpd-devel-2.2.15-5.el6_0.1.i686.rpm httpd-tools-2.2.15-5.el6_0.1.i686.rpm mod_ssl-2.2.15-5.el6_0.1.i686.rpm

    noarch: httpd-manual-2.2.15-5.el6_0.1.noarch.rpm

    ppc64: httpd-2.2.15-5.el6_0.1.ppc64.rpm httpd-debuginfo-2.2.15-5.el6_0.1.ppc.rpm httpd-debuginfo-2.2.15-5.el6_0.1.ppc64.rpm httpd-devel-2.2.15-5.el6_0.1.ppc.rpm httpd-devel-2.2.15-5.el6_0.1.ppc64.rpm httpd-tools-2.2.15-5.el6_0.1.ppc64.rpm mod_ssl-2.2.15-5.el6_0.1.ppc64.rpm

    s390x: httpd-2.2.15-5.el6_0.1.s390x.rpm httpd-debuginfo-2.2.15-5.el6_0.1.s390.rpm httpd-debuginfo-2.2.15-5.el6_0.1.s390x.rpm httpd-devel-2.2.15-5.el6_0.1.s390.rpm httpd-devel-2.2.15-5.el6_0.1.s390x.rpm httpd-tools-2.2.15-5.el6_0.1.s390x.rpm mod_ssl-2.2.15-5.el6_0.1.s390x.rpm

    x86_64: httpd-2.2.15-5.el6_0.1.x86_64.rpm httpd-debuginfo-2.2.15-5.el6_0.1.i686.rpm httpd-debuginfo-2.2.15-5.el6_0.1.x86_64.rpm httpd-devel-2.2.15-5.el6_0.1.i686.rpm httpd-devel-2.2.15-5.el6_0.1.x86_64.rpm httpd-tools-2.2.15-5.el6_0.1.x86_64.rpm mod_ssl-2.2.15-5.el6_0.1.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

    1. References:

    https://www.redhat.com/security/data/cve/CVE-2011-3192.html https://access.redhat.com/security/updates/classification/#important

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c02997184 Version: 2

    HPSBUX02702 SSRT100606 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS)

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2011-09-08 Last Updated: 2011-09-08


    Potential Security Impact: Remote Denial of Service (DoS)

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS).

    References: CVE-2011-3192, CVE-2011-0419

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.17 containing Apache v2.2.15.07 or earlier HP-UX B.11.11 running HP-UX Apache Web Server Suite v2.33 containing Apache v2.0.64.01 or earlier

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2011-0419 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    This bulletin will be revised when additional information becomes available.

    HP has provided the following software update to resolve these vulnerabilities.

    The update is available for download from the following location ftp://srt10606:P2xg=AD5@ftp.usa.hp.com or https://ftp.usa.hp.com/hprc/home with username srt10606 and password P2xg=AD5

    HP-UX Web Server Suite (WSS) v.3.18 containing Apache v2.2.15.08 HP-UX 11i Release / Apache Depot name

    B.11.23 (32-bit) / Apache-CVE-2011-3192-Fix-IA-PA-32.depot B.11.23 (64-bit) / Apache-CVE-2011-3192-Fix-IA-PA-64.depot

    B.11.31 (32-bit) / Apache-CVE-2011-3192-Fix-IA-PA-32.depot B.11.31 (64-bit) / Apache-CVE-2011-3192-Fix-IA-PA-64.depot

    HP-UX Web Server Suite (WSS) v.2.33 containing Apache v2.0.64.01 and earlier HP-UX 11i Release / Apache Depot name

    B.11.11 / Use work around suggested below B.11.23 (32 & 64-bit) / No longer supported. Upgrade to WSS v 3.18 B.11.31 (32 & 64-bit) / No longer supported. Upgrade to WSS v 3.18

    Alternatives to Installing the Preliminary Patch The Apache Software Foundation has documented work arounds. For customers not wanting to install the preliminary patch, the following are recommended. Note: that no patch is available for Apache 2.0.64.01.

    1) Use SetEnvIf or mod_rewrite to detect a large number of ranges and then either ignore the Range: header or reject the request.

    2) Limit the size of the request field to a few hundred bytes.

    3) Use mod_headers to completely disallow the use of Range headers.

    Please refer to the Apache advisory for details. http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348F82@minotaur.apache.org%3e

    MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.18 or subsequent.

    PRODUCT SPECIFIC INFORMATION

    HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check.

    It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

    The following text is for use by the HP-UX Software Assistant.

    AFFECTED VERSIONS

    HP-UX Web Server Suite v3.18 HP-UX B.11.23 HP-UX B.11.31 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.15.08 or subsequent

    END AFFECTED VERSIONS

    HISTORY Version:1 (rev.1) - 8 September 2011 Initial release Version:2 (rev.2) - 8 September 2011 Updated affectivity, recommendations, typos

    Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

    Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

    Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430

    3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

    Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)

    iEYEARECAAYFAk5pPZoACgkQ4B86/C0qfVn5nwCg/w2MOkbP7d5Xp4fAyX4zAOdp aWQAoJoKZs8qDHYIVa41KgH1ANkNQI3C =MTc6 -----END PGP SIGNATURE----- . Enjoy!

    • apache has been upgraded to the latest version (2.2.21) for 2011

    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192


    Updated Packages:

    Mandriva Linux 2011: 5c4825e4c63b4a06c68a5fd81517de71 2011/i586/apache-base-2.2.21-0.1-mdv2011.0.i586.rpm b5a00191b27804f9735643cdcd704b19 2011/i586/apache-conf-2.2.21-0.1-mdv2011.0.i586.rpm 49defd7efbb4a37ec49c01c7ef9c64aa 2011/i586/apache-devel-2.2.21-0.1-mdv2011.0.i586.rpm a023e40689777630df036eae1a84a475 2011/i586/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm f03744bb74a3e0872cb08465799c3ee1 2011/i586/apache-htcacheclean-2.2.21-0.1-mdv2011.0.i586.rpm bb9efa66089deef66f9434b813d41a95 2011/i586/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.i586.rpm bb334eb7fe43927ba7c6c9196b4e1fd1 2011/i586/apache-mod_cache-2.2.21-0.1-mdv2011.0.i586.rpm 086b5ed82c064b16964fff70bf9c841e 2011/i586/apache-mod_dav-2.2.21-0.1-mdv2011.0.i586.rpm 115008b2471e10ea01689dafe5c46bcd 2011/i586/apache-mod_dbd-2.2.21-0.1-mdv2011.0.i586.rpm 6b686ec6612ff8740d1e482faa06c544 2011/i586/apache-mod_deflate-2.2.21-0.1-mdv2011.0.i586.rpm 8c8f14074bc0dbbeb2b3890611f95c6b 2011/i586/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.i586.rpm b03569edc20c9393e0b5eea09f590368 2011/i586/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.i586.rpm 343703d3822a6757e000edeebe7e0a06 2011/i586/apache-mod_ldap-2.2.21-0.1-mdv2011.0.i586.rpm 3457011403525d40e525716c4da8e477 2011/i586/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.i586.rpm 3d060145b3665ca4c0b309f812af9370 2011/i586/apache-mod_proxy-2.2.21-0.1-mdv2011.0.i586.rpm a0e00b0610eb5a8c5c57afabeafc07f8 2011/i586/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.i586.rpm dd4bb38bbc2997ca398fb37225eca371 2011/i586/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.i586.rpm 2966cdfddf02fa32447711af6a3046dd 2011/i586/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.i586.rpm 48774d9c282dc476f35a0c8b2e821a7f 2011/i586/apache-mod_ssl-2.2.21-0.1-mdv2011.0.i586.rpm 7b832f85bd258abf0c7abb161f4028b4 2011/i586/apache-mod_suexec-2.2.21-0.1-mdv2011.0.i586.rpm 1c6b93eaa5b27477989bf82ea9a63685 2011/i586/apache-modules-2.2.21-0.1-mdv2011.0.i586.rpm 1e7dc0ee3fafae8a786be0cc164ebe4a 2011/i586/apache-mod_userdir-2.2.21-0.1-mdv2011.0.i586.rpm ab2d074f2dfe57a64b022d4e6b8254ab 2011/i586/apache-mpm-event-2.2.21-0.1-mdv2011.0.i586.rpm a22debf09366b64e236965a4091009e9 2011/i586/apache-mpm-itk-2.2.21-0.1-mdv2011.0.i586.rpm 174aed4327491b83f147f3b4e76bcd1f 2011/i586/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.i586.rpm e141881c27496e7e74ad7f3f566a1bd2 2011/i586/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.i586.rpm 97893069a3d6eb73e3773bc0ee78c9a4 2011/i586/apache-mpm-worker-2.2.21-0.1-mdv2011.0.i586.rpm fe530e2da15b3e0bf14c617824ff82c9 2011/i586/apache-source-2.2.21-0.1-mdv2011.0.i586.rpm 4376094cd799523a1a7666f4e768707d 2011/SRPMS/apache-2.2.21-0.1.src.rpm b37e2a1dafb6883a10cefb4140e9635e 2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm d83c587ad4d56a31362f67334bbf9455 2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm 0b4a145fd5ff8c11a53956f750cdbd42 2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm

    Mandriva Linux 2011/X86_64: 8837c56966896e10d3403956e7cf86ac 2011/x86_64/apache-base-2.2.21-0.1-mdv2011.0.x86_64.rpm aec6da25319585e53623471734f99c57 2011/x86_64/apache-conf-2.2.21-0.1-mdv2011.0.x86_64.rpm e8600455214ad4f2303d9f36576e4952 2011/x86_64/apache-devel-2.2.21-0.1-mdv2011.0.x86_64.rpm 90694f3211fca3d436ec4130b8bb43e2 2011/x86_64/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm fd3f6a51c8abf8b1ff8356489ba6d6e1 2011/x86_64/apache-htcacheclean-2.2.21-0.1-mdv2011.0.x86_64.rpm 796c8129bbc160455587bc54c58c2220 2011/x86_64/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm 61add54b6e0c8306dff065a150b262e2 2011/x86_64/apache-mod_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm cb98169c29008c256662f3a08141bf95 2011/x86_64/apache-mod_dav-2.2.21-0.1-mdv2011.0.x86_64.rpm 5aa03ee54a7e40d41fd746fd1a223c72 2011/x86_64/apache-mod_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm 386a956f014fe2d64dfe38fc261abd39 2011/x86_64/apache-mod_deflate-2.2.21-0.1-mdv2011.0.x86_64.rpm 5a473bc45fa59323c4d526dd4f5a30d3 2011/x86_64/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm aaa544f7a4912c161a2c73e222ae87d6 2011/x86_64/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm f04054edc62a24ea9042c5b41074bd1d 2011/x86_64/apache-mod_ldap-2.2.21-0.1-mdv2011.0.x86_64.rpm 1c97f63c1169f483d086a94b97f5c421 2011/x86_64/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm ca912c34fec5cf470947a7f87e9705a4 2011/x86_64/apache-mod_proxy-2.2.21-0.1-mdv2011.0.x86_64.rpm b5ae70a8ed412e40275b4de7b639caa0 2011/x86_64/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.x86_64.rpm 6b11b032c13277712c336405ea23a8b0 2011/x86_64/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.x86_64.rpm 874a420342f1ea9278e014b79fe5a337 2011/x86_64/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.x86_64.rpm 2757b3d7c8261563e22c41d3f94aaa29 2011/x86_64/apache-mod_ssl-2.2.21-0.1-mdv2011.0.x86_64.rpm 6edbc6963aab9beee507f9a3c8be38a2 2011/x86_64/apache-mod_suexec-2.2.21-0.1-mdv2011.0.x86_64.rpm fe6143eaa1acc0de751198ea19129279 2011/x86_64/apache-modules-2.2.21-0.1-mdv2011.0.x86_64.rpm 3e66fa1e1e2cf243c1c6472243cb86fe 2011/x86_64/apache-mod_userdir-2.2.21-0.1-mdv2011.0.x86_64.rpm 7d45bfd7d3aa87d45d2287fdd9507847 2011/x86_64/apache-mpm-event-2.2.21-0.1-mdv2011.0.x86_64.rpm bce9e2cdffe45cbc4baf72f0d0c4000e 2011/x86_64/apache-mpm-itk-2.2.21-0.1-mdv2011.0.x86_64.rpm 217bd96dfa802f7d049b6fd12600b154 2011/x86_64/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.x86_64.rpm cc304b9011d16d7f3cf5c8250e4d9f18 2011/x86_64/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.x86_64.rpm a8bb9b62c39f98a6df728d51a4fff39a 2011/x86_64/apache-mpm-worker-2.2.21-0.1-mdv2011.0.x86_64.rpm 7d41c857be2574ac5f3ea7090a1f3c78 2011/x86_64/apache-source-2.2.21-0.1-mdv2011.0.x86_64.rpm 4376094cd799523a1a7666f4e768707d 2011/SRPMS/apache-2.2.21-0.1.src.rpm b37e2a1dafb6883a10cefb4140e9635e 2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm d83c587ad4d56a31362f67334bbf9455 2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm 0b4a145fd5ff8c11a53956f750cdbd42 2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

    iD8DBQFOdErbmqjQ0CJFipgRArO0AJ9MeU1I/ItvY699awHPqXD7TZZ46gCeP/Lc OVJD0GobLzQ3q1XZS8WiqdY= =O8Ag -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "hitachi",
            "version": "03-00-01"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "hitachi",
            "version": "03-00"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "03-00-02"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 1.5,
            "vendor": "hitachi",
            "version": "03-10"
          },
          {
            "_id": null,
            "model": "linux enterprise software development kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.2.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.65"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.2.20"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "8.04"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "apache",
            "version": "2.0.35"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "linux enterprise software development kit",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": "web server linux",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "04-00"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "03-00-05"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "hitachi",
            "version": "03-10-01"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apache http server",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva s a",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "jp1/cm2/snmp system observer",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-00"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-03"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-00"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-01"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-01"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-00"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-00"
          },
          {
            "_id": null,
            "model": "jp1/hicommand device manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "5.9-08"
          },
          {
            "_id": null,
            "model": "jp1/hicommand device manager",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "5.9-00"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-03"
          },
          {
            "_id": null,
            "model": "tiered storage manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-01"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-00"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-02"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-04"
          },
          {
            "_id": null,
            "model": "web server linux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "03-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-01"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-00"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.0-06"
          },
          {
            "_id": null,
            "model": "replication manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-01"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-02"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-02"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.0-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-00"
          },
          {
            "_id": null,
            "model": "replication manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-01"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-01"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-02"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-04"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1-01"
          },
          {
            "_id": null,
            "model": "tuning manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.1.1-01"
          },
          {
            "_id": null,
            "model": "replication manager software )",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "6.2-00"
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "03-00"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hitachi",
            "version": "04-10-02"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.3.1"
          },
          {
            "_id": null,
            "model": "interstage studio enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "management center for cisco security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-50"
          },
          {
            "_id": null,
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-04"
          },
          {
            "_id": null,
            "model": "device manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.6-00"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.58"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.54"
          },
          {
            "_id": null,
            "model": "interstage apworks modelers-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "ciscoworks common services base",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.42"
          },
          {
            "_id": null,
            "model": "replication manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0.0-00"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.401"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tiered storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-50"
          },
          {
            "_id": null,
            "model": "interstage application server plus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "7.0.1"
          },
          {
            "_id": null,
            "model": "linux enterprise sdk sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "hat jboss enterprise web server for rhel as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "41.0"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-00"
          },
          {
            "_id": null,
            "model": "ciscoworks common services base",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "hat jboss enterprise web server for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "61.0.2"
          },
          {
            "_id": null,
            "model": "global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.2-00"
          },
          {
            "_id": null,
            "model": "jp1/hicommand replication monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-50-03"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tuning manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-50"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.1-02"
          },
          {
            "_id": null,
            "model": "interstage application server standard-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "hat jboss enterprise web server for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "61.0"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.41"
          },
          {
            "_id": null,
            "model": "interstage studio standard-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "device manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.9"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.57"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.6"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.11"
          },
          {
            "_id": null,
            "model": "web server aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00"
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0-06(x64))"
          },
          {
            "_id": null,
            "model": "voice portal sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "replication manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.1-01"
          },
          {
            "_id": null,
            "model": "voice portal sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.49"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-06"
          },
          {
            "_id": null,
            "model": "web server 04-10",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-2"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "software foundation apache 2.0.61-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-10"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jp1/it resource management-manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-50"
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-10-02"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.1"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.50"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-10-01"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.0-68"
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1.7"
          },
          {
            "_id": null,
            "model": "interstage service integrator standard edition 9.0.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "hat enterprise linux hpc node",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.10"
          },
          {
            "_id": null,
            "model": "software foundation apache -beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.34"
          },
          {
            "_id": null,
            "model": "point software secureplatform r60 hfa 05",
            "scope": null,
            "trust": 0.3,
            "vendor": "check",
            "version": null
          },
          {
            "_id": null,
            "model": "solaris express",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "11"
          },
          {
            "_id": null,
            "model": "systemwalker service quality coordinator enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "13.5"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.2-77"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.4"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.3.4"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-10-03"
          },
          {
            "_id": null,
            "model": "jp1/hicommand provisioning manager (solaris(sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-90"
          },
          {
            "_id": null,
            "model": "interstage application development cycle manager standard editio 10.0.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "wireless control system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.8"
          },
          {
            "_id": null,
            "model": "ciscoworks lan management solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "provisioning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "interstage application server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "job management partner 1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "software foundation apache -dev",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.56"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.5"
          },
          {
            "_id": null,
            "model": "jp1/hicommand provisioning manager )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-90"
          },
          {
            "_id": null,
            "model": "device manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-03"
          },
          {
            "_id": null,
            "model": "web server solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00-01"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0-06"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.2.77"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "provisioning manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0.0-00"
          },
          {
            "_id": null,
            "model": "systemwalker availability view enterprise edition 13.3.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.17"
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-10-03"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-10-04"
          },
          {
            "_id": null,
            "model": "interstage application development cycle manager standard editio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "point software secureplatform r65 hfa02",
            "scope": null,
            "trust": 0.3,
            "vendor": "check",
            "version": null
          },
          {
            "_id": null,
            "model": "software foundation apache -beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.28"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.15"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2.27"
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1.1-04(x64))"
          },
          {
            "_id": null,
            "model": "linux enterprise server sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-10-01(x64)"
          },
          {
            "_id": null,
            "model": "interstage application server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.3.1"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "interstage apworks modelers-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "network collector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "ciscoworks common services base",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.1"
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-10"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.96"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.55"
          },
          {
            "_id": null,
            "model": "software foundation apache 2.2.6-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-10-04"
          },
          {
            "_id": null,
            "model": "interstage service integrator enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.5-00"
          },
          {
            "_id": null,
            "model": "systemwalker availability view standard edition 13.3.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.17"
          },
          {
            "_id": null,
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0.0-00"
          },
          {
            "_id": null,
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.2-01"
          },
          {
            "_id": null,
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "interstage list manager enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0.0-00"
          },
          {
            "_id": null,
            "model": "software foundation apache 2.2.15-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "_id": null,
            "model": "jp1/hicommand device manager (solaris (s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "5.9.0-08"
          },
          {
            "_id": null,
            "model": "ciscoworks lan management solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "jp1/hicommand replication monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-50-01"
          },
          {
            "_id": null,
            "model": "secure global desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "device manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "interstage application development cycle manager enterprise edit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "web server (hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-0011.0)"
          },
          {
            "_id": null,
            "model": "web server 2).(sola",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00-01(*"
          },
          {
            "_id": null,
            "model": "interstage application development cycle manager enterprise edit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "point software secureplatform ng fp1",
            "scope": null,
            "trust": 0.3,
            "vendor": "check",
            "version": null
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.2"
          },
          {
            "_id": null,
            "model": "linux enterprise sdk sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1.5"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-10-05"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.45"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-53-01"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "point software endpoint security",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "check",
            "version": "0"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "tuning manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.001"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.4"
          },
          {
            "_id": null,
            "model": "hat jboss enterprise web server for rhel server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "51.0.2"
          },
          {
            "_id": null,
            "model": "device manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2.12"
          },
          {
            "_id": null,
            "model": "hat enterprise linux desktop optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tiered storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-30"
          },
          {
            "_id": null,
            "model": "jp1/hicommand device manager (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "5.9-00(x64))"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "point software secureplatform r65.70",
            "scope": null,
            "trust": 0.3,
            "vendor": "check",
            "version": null
          },
          {
            "_id": null,
            "model": "jp1/hicommand provisioning manager )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-10"
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2009.0"
          },
          {
            "_id": null,
            "model": "device manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.13"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.68"
          },
          {
            "_id": null,
            "model": "wireless control system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.0.164"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1.0.102"
          },
          {
            "_id": null,
            "model": "interstage application server standard-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1.1-03"
          },
          {
            "_id": null,
            "model": "systemwalker availability view standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "13.3"
          },
          {
            "_id": null,
            "model": "video surveillance operations manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.3"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-08"
          },
          {
            "_id": null,
            "model": "jp1/hicommand replication monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-50-02"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.31"
          },
          {
            "_id": null,
            "model": "ciscoworks lan management solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "wireless control system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-00-08"
          },
          {
            "_id": null,
            "model": "software foundation apache beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.28"
          },
          {
            "_id": null,
            "model": "network collector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-04"
          },
          {
            "_id": null,
            "model": "replication manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0.0-00"
          },
          {
            "_id": null,
            "model": "replication manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-00"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3.1"
          },
          {
            "_id": null,
            "model": "voice portal sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.28"
          },
          {
            "_id": null,
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1.1-03(x64))"
          },
          {
            "_id": null,
            "model": "point software secureplatform ng fp2",
            "scope": null,
            "trust": 0.3,
            "vendor": "check",
            "version": null
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2.35"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0-00"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "5665"
          },
          {
            "_id": null,
            "model": "software foundation apache a9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.42"
          },
          {
            "_id": null,
            "model": "interstage studio standard-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tiered storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-90"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1.0-103"
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-05"
          },
          {
            "_id": null,
            "model": "os/400 v6r1m0",
            "scope": null,
            "trust": 0.3,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "12.2"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.1.4"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.0.95"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "voice portal sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.8"
          },
          {
            "_id": null,
            "model": "software foundation apache 2.2.5-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-10"
          },
          {
            "_id": null,
            "model": "onboard administrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.32"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-00-07"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-53"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tuning manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-90"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.15"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-50-06"
          },
          {
            "_id": null,
            "model": "point software security gateways",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "check",
            "version": "0"
          },
          {
            "_id": null,
            "model": "replication manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.2-00"
          },
          {
            "_id": null,
            "model": "san-os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2011"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0.0-95"
          },
          {
            "_id": null,
            "model": "onboard administrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.31"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2.41"
          },
          {
            "_id": null,
            "model": "provisioning manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0.0-00"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.59"
          },
          {
            "_id": null,
            "model": "hat jboss enterprise web server for rhel es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "41.0.2"
          },
          {
            "_id": null,
            "model": "groupware server -rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "interstage application server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "8.0.2"
          },
          {
            "_id": null,
            "model": "meeting exchange sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "interstage software quality analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "aura messaging",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tiered storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-20"
          },
          {
            "_id": null,
            "model": "interstage application server standard-j edition b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6"
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.19"
          },
          {
            "_id": null,
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "application stack",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "v20"
          },
          {
            "_id": null,
            "model": "jp1/it service level management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-50"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tuning manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-20"
          },
          {
            "_id": null,
            "model": "wireless control system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.0.163"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.4"
          },
          {
            "_id": null,
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-51-01"
          },
          {
            "_id": null,
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "_id": null,
            "model": "onboard administrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.50"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.5"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.402"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.6"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.2"
          },
          {
            "_id": null,
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.1-02"
          },
          {
            "_id": null,
            "model": "ciscoworks lan management solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11.4"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-03"
          },
          {
            "_id": null,
            "model": "interstage application server standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "interstage application server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-00"
          },
          {
            "_id": null,
            "model": "messaging storage server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.2"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.51"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.1.3"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.17"
          },
          {
            "_id": null,
            "model": "web server 04-00.",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.18"
          },
          {
            "_id": null,
            "model": "interstage application server standard-j edition 9.1.0b",
            "scope": null,
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.20"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.1-73"
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-10-01"
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-00(x64))"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.1-02"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00-04"
          },
          {
            "_id": null,
            "model": "hat jboss enterprise web server for rhel server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "51.0"
          },
          {
            "_id": null,
            "model": "provisioning manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.35"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.27"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.5"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-50-02"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop version",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-10-01"
          },
          {
            "_id": null,
            "model": "replication manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "solaris 10 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "voice portal sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "software foundation apache 2.3.38-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.3.2"
          },
          {
            "_id": null,
            "model": "ciscoworks common services base",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.6"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.3.3"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.95"
          },
          {
            "_id": null,
            "model": "interstage application server plus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tiered storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-50-02"
          },
          {
            "_id": null,
            "model": "interstage application server web-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "jp1/hicommand replication monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-30"
          },
          {
            "_id": null,
            "model": "interstage service integrator standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "point software dlp-1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "check",
            "version": "0"
          },
          {
            "_id": null,
            "model": "interstage application server plus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "meeting exchange sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.39"
          },
          {
            "_id": null,
            "model": "linux enterprise server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "secure global desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "point software secureplatform r71.30",
            "scope": null,
            "trust": 0.3,
            "vendor": "check",
            "version": null
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0.0.13"
          },
          {
            "_id": null,
            "model": "interstage application server enterprise edition b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "jp1/it resource management-manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-11"
          },
          {
            "_id": null,
            "model": "jp1/cm2/snmp system observer )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-00"
          },
          {
            "_id": null,
            "model": "system management homepage b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.2.77"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tiered storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "interstage application server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "application server 10g r2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.3.0"
          },
          {
            "_id": null,
            "model": "groupware server 2.2-rc1",
            "scope": null,
            "trust": 0.3,
            "vendor": "kolab",
            "version": null
          },
          {
            "_id": null,
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.5"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.3.0-00"
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00-05"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "5687"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.3"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6"
          },
          {
            "_id": null,
            "model": "systemwalker service quality coordinator enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "13.4"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tuning manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.3"
          },
          {
            "_id": null,
            "model": "message networking sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "linux enterprise server for vmware sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "device manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-10"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.43"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.64"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "jp1/it service level management manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "jp1/hicommand replication monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-90"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-50-01"
          },
          {
            "_id": null,
            "model": "transportation manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "5.5.06.00"
          },
          {
            "_id": null,
            "model": "tuning manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.401"
          },
          {
            "_id": null,
            "model": "hat enterprise linux server 6.0.z",
            "scope": null,
            "trust": 0.3,
            "vendor": "red",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage studio enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.46"
          },
          {
            "_id": null,
            "model": "interstage application server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.25"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00-03"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tiered storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "hp-ux web server suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.33"
          },
          {
            "_id": null,
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "systemwalker service catalog manager v14g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "14.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.5"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "jp1/hicommand device manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-10-09"
          },
          {
            "_id": null,
            "model": "wide area application services 4.1.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "ciscoworks lan management solution update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "messaging storage server sp3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "enterprise server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jp1/it resource management-manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-11-02"
          },
          {
            "_id": null,
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.3"
          },
          {
            "_id": null,
            "model": "aura session manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.14"
          },
          {
            "_id": null,
            "model": "it operations director",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-50-07"
          },
          {
            "_id": null,
            "model": "ciscoworks lan management solution (dec update",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.02007"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.4"
          },
          {
            "_id": null,
            "model": "wireless control system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1.91.0"
          },
          {
            "_id": null,
            "model": "jp1/hicommand replication monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-20"
          },
          {
            "_id": null,
            "model": "interstage application server standard-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "interstage studio standard-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2.23"
          },
          {
            "_id": null,
            "model": "replication manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.1-01"
          },
          {
            "_id": null,
            "model": "global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.2-01"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "linux x86 64 -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2010.1"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.3"
          },
          {
            "_id": null,
            "model": "wireless control system for linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ciscoworks common services base",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.5"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.18"
          },
          {
            "_id": null,
            "model": "software foundation apache 2.0.62-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage application server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "interstage application server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-01(*2)"
          },
          {
            "_id": null,
            "model": "groupware server 2.2-rc3",
            "scope": null,
            "trust": 0.3,
            "vendor": "kolab",
            "version": null
          },
          {
            "_id": null,
            "model": "replication manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "interstage application server plus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.6"
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00-04"
          },
          {
            "_id": null,
            "model": "jp1/hicommand device manager (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "5.9-08(x64))"
          },
          {
            "_id": null,
            "model": "jp1/hicommand device manager (solaris (s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "5.9.0-00"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "hat enterprise linux 5.3.ll",
            "scope": null,
            "trust": 0.3,
            "vendor": "red",
            "version": null
          },
          {
            "_id": null,
            "model": "provisioning manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.3.0-00"
          },
          {
            "_id": null,
            "model": "hp-ux web server suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.17"
          },
          {
            "_id": null,
            "model": "interstage application server plus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2.13"
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.8"
          },
          {
            "_id": null,
            "model": "hat jboss enterprise web server for rhel as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "41.0.2"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00-02"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.3"
          },
          {
            "_id": null,
            "model": "enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "5"
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.9"
          },
          {
            "_id": null,
            "model": "jp1/hicommand replication monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.15"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-02"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "meeting exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "interstage studio enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "aura communication manager utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.9"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.5"
          },
          {
            "_id": null,
            "model": "hat enterprise linux els",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tuning manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-30"
          },
          {
            "_id": null,
            "model": "web server (hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-0111.0"
          },
          {
            "_id": null,
            "model": "provisioning manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "software foundation apache 2.0.60-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "_id": null,
            "model": "netware sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "interstage application server plus",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.1"
          },
          {
            "_id": null,
            "model": "jp1/hicommand replication monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-60-01"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.35"
          },
          {
            "_id": null,
            "model": "hat enterprise linux desktop client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "netware sp8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "6.5.0"
          },
          {
            "_id": null,
            "model": "interstage application server plus developer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "5.0.1"
          },
          {
            "_id": null,
            "model": "mobility services engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jp1/hicommand replication monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-40"
          },
          {
            "_id": null,
            "model": "interstage application server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "jp1/automatic job management system web operation assistant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "3-0"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "jp1/it resource management-manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.2"
          },
          {
            "_id": null,
            "model": "replication manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.8"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.0.39"
          },
          {
            "_id": null,
            "model": "jp1/hicommand replication monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-10"
          },
          {
            "_id": null,
            "model": "device manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.1-02"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2009.0"
          },
          {
            "_id": null,
            "model": "tuning manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.2-01"
          },
          {
            "_id": null,
            "model": "hat enterprise linux hpc node optional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "jp1/hicommand replication monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-00"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.60"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "jp1/hicommand replication monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "systemwalker software configuration manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "14.1"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-03(x64))"
          },
          {
            "_id": null,
            "model": "linux enterprise server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.3"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.37"
          },
          {
            "_id": null,
            "model": "cts telepresence systems",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ciscoworks common services base",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.13"
          },
          {
            "_id": null,
            "model": "telepresence video communication server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.10"
          },
          {
            "_id": null,
            "model": "interstage application server standard-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6"
          },
          {
            "_id": null,
            "model": "interstage service integrator enterprise edition 9.0.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "jp1/integrated management service support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-00-50"
          },
          {
            "_id": null,
            "model": "point software secureplatform r75",
            "scope": null,
            "trust": 0.3,
            "vendor": "check",
            "version": null
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-09"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.1"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "5632"
          },
          {
            "_id": null,
            "model": "point software secureplatform ng fp2 edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "check",
            "version": "2"
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0-00(x64))"
          },
          {
            "_id": null,
            "model": "global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-01"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.2.2"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.37"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.56"
          },
          {
            "_id": null,
            "model": "interstage application server standard-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.3.1"
          },
          {
            "_id": null,
            "model": "web server custom edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2011"
          },
          {
            "_id": null,
            "model": "interstage application development cycle manager standard editio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.96"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux lts lpia",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "_id": null,
            "model": "interstage application development cycle manager standard editio",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "interstage list manager standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "wireless control system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "6.0.181.0"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.2.4"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.21"
          },
          {
            "_id": null,
            "model": "transportation manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "point software ipso6 r70.40",
            "scope": null,
            "trust": 0.3,
            "vendor": "check",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.4"
          },
          {
            "_id": null,
            "model": "interstage software quality analyzer 10.0.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "global link manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-00"
          },
          {
            "_id": null,
            "model": "secure global desktop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "sun",
            "version": "4.62"
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-10-10"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-60-01"
          },
          {
            "_id": null,
            "model": "wireless control system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-10-03"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "5150"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.2-00"
          },
          {
            "_id": null,
            "model": "replication manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "software foundation apache 2.2.7-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "_id": null,
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "point software ipso6 r75",
            "scope": null,
            "trust": 0.3,
            "vendor": "check",
            "version": null
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.19"
          },
          {
            "_id": null,
            "model": "web server 04-00-03.",
            "scope": null,
            "trust": 0.3,
            "vendor": "hitachi",
            "version": null
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "aura experience portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "5675"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-10-03"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.2"
          },
          {
            "_id": null,
            "model": "messaging storage server sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-10"
          },
          {
            "_id": null,
            "model": "application server 10g r3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.5.0"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tiered storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-40"
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-02(x64))"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.44"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.3"
          },
          {
            "_id": null,
            "model": "interstage application server standard-j edition a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "ciscoworks common services base",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "interstage application server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-00"
          },
          {
            "_id": null,
            "model": "aura session manager sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "5645"
          },
          {
            "_id": null,
            "model": "jp1/integrated management service support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tuning manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-40"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.19"
          },
          {
            "_id": null,
            "model": "hat enterprise linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "netware sp7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "novell",
            "version": "6.5"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tiered storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-10"
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2.0-12"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.9"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tuning manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-10"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tiered storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-00"
          },
          {
            "_id": null,
            "model": "opensuse",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "11.3"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2.27"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "5655"
          },
          {
            "_id": null,
            "model": "jp1/hicommand replication monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-60"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.1"
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-060"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.13"
          },
          {
            "_id": null,
            "model": "interstage job workload server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "8.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tuning manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-00"
          },
          {
            "_id": null,
            "model": "jp1/hicommand provisioning manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-90"
          },
          {
            "_id": null,
            "model": "aura session manager sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7.1"
          },
          {
            "_id": null,
            "model": "provisioning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.0.0-00"
          },
          {
            "_id": null,
            "model": "jp1/automatic job management system web operation assistant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "2-0"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "secure backup",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.3.0.3"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "software foundation apache -beta",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.32"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.7"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.11"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.38"
          },
          {
            "_id": null,
            "model": "provisioning manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.001"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.52"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.1.17"
          },
          {
            "_id": null,
            "model": "tuning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "point software secureplatform ng",
            "scope": null,
            "trust": 0.3,
            "vendor": "check",
            "version": null
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.63"
          },
          {
            "_id": null,
            "model": "point software ipso6 r71.30",
            "scope": null,
            "trust": 0.3,
            "vendor": "check",
            "version": null
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.36"
          },
          {
            "_id": null,
            "model": "tuning manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.402"
          },
          {
            "_id": null,
            "model": "point software secureplatform r70.40",
            "scope": null,
            "trust": 0.3,
            "vendor": "check",
            "version": null
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-08-50"
          },
          {
            "_id": null,
            "model": "web server linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-10-01"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-10-02"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.0.1.73"
          },
          {
            "_id": null,
            "model": "hp-ux web server suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.18"
          },
          {
            "_id": null,
            "model": "tuning manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-00"
          },
          {
            "_id": null,
            "model": "provisioning manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "interstage studio enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-01"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.2"
          },
          {
            "_id": null,
            "model": "ciscoworks common services base",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.4"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1.1"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.7"
          },
          {
            "_id": null,
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "_id": null,
            "model": "hat jboss enterprise web server for rhel es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "41.0"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.4"
          },
          {
            "_id": null,
            "model": "cloud infrastructure management software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "8.04"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.2.3"
          },
          {
            "_id": null,
            "model": "ciscoworks common services base",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.6"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.1.1.5"
          },
          {
            "_id": null,
            "model": "tuning manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.2-00"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "linux enterprise sdk sp4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "wireless control system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.100.0"
          },
          {
            "_id": null,
            "model": "linux enterprise server sp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "linux x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.37"
          },
          {
            "_id": null,
            "model": "jp1/integrated management service support",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-09-50-01"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "interstage apworks modelers-j edition 6.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "wireless control system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.62.0"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.1"
          },
          {
            "_id": null,
            "model": "interstage application server standard-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "8.0.2"
          },
          {
            "_id": null,
            "model": "device manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.1.1"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.6"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.3.3"
          },
          {
            "_id": null,
            "model": "web server windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-10-03(x64)"
          },
          {
            "_id": null,
            "model": "replication manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "web server aix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00"
          },
          {
            "_id": null,
            "model": "device manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.1.0-00"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.16"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-50-03"
          },
          {
            "_id": null,
            "model": "device manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.1-02"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-03"
          },
          {
            "_id": null,
            "model": "replication manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "replication manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2.19"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.2.0-00"
          },
          {
            "_id": null,
            "model": "ciscoworks common services base",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.5"
          },
          {
            "_id": null,
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "replication manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.1-01"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.12"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.1"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-0"
          },
          {
            "_id": null,
            "model": "aura sip enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.2"
          },
          {
            "_id": null,
            "model": "onboard administrator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.55"
          },
          {
            "_id": null,
            "model": "hat enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "5135"
          },
          {
            "_id": null,
            "model": "provisioning manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.2"
          },
          {
            "_id": null,
            "model": "device manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.0-00"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "13.0"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-60"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.53"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "jp1/hicommand replication monitor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-50"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-10-02"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-05"
          },
          {
            "_id": null,
            "model": "provisioning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "aura application enablement services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "aura communication manager utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "tuning manager software (solaris(sp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-03"
          },
          {
            "_id": null,
            "model": "web server solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00"
          },
          {
            "_id": null,
            "model": "video surveillance manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "jp1/performance management web console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "-08-50-09"
          },
          {
            "_id": null,
            "model": "systemwalker runbook automation v14g 14.1.0a",
            "scope": null,
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "hat enterprise linux workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-51"
          },
          {
            "_id": null,
            "model": "ip office application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "provisioning manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "device manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "10.04"
          },
          {
            "_id": null,
            "model": "web server hp-ux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "03-00-01"
          },
          {
            "_id": null,
            "model": "tuning manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.7"
          },
          {
            "_id": null,
            "model": "job management partner 1/automatic job management system man",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "3-0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "2.0.47"
          },
          {
            "_id": null,
            "model": "aura communication manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop workstation client",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "5"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2"
          },
          {
            "_id": null,
            "model": "ciscoworks common services base",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.3"
          },
          {
            "_id": null,
            "model": "web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-10"
          },
          {
            "_id": null,
            "model": "replication manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-01"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.2"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "6.1.0.103"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.32"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.0"
          },
          {
            "_id": null,
            "model": "web server )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "04-00"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "5638"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.3"
          },
          {
            "_id": null,
            "model": "voice portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "device manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "aura session manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "point software ipso6 r65.70",
            "scope": null,
            "trust": 0.3,
            "vendor": "check",
            "version": null
          },
          {
            "_id": null,
            "model": "interstage studio enterprise edition b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "11.04"
          },
          {
            "_id": null,
            "model": "point software secureplatform ngx r60 build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "check",
            "version": "244"
          },
          {
            "_id": null,
            "model": "interstage business application server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.5"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-07"
          },
          {
            "_id": null,
            "model": "device manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.48"
          },
          {
            "_id": null,
            "model": "interstage studio standard-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "interstage application server enterprise edition a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.6.1"
          },
          {
            "_id": null,
            "model": "jp1/cm2/snmp system observer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "9000"
          },
          {
            "_id": null,
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "transportation manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "jp1/it resource management-manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-10-03"
          },
          {
            "_id": null,
            "model": "jp1/hicommand device manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05.10"
          },
          {
            "_id": null,
            "model": "tiered storage manager software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "7.0.1-02"
          },
          {
            "_id": null,
            "model": "wireless control system for windows",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.47"
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1.1-00(x64))"
          },
          {
            "_id": null,
            "model": "aura communication manager utility services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "interstage application server enterprise edition 9.1.0b",
            "scope": null,
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": null
          },
          {
            "_id": null,
            "model": "jp1/serverconductor/control manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "0"
          },
          {
            "_id": null,
            "model": "systemwalker availability view enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "13.3"
          },
          {
            "_id": null,
            "model": "jp1/it resource management-manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "09-10"
          },
          {
            "_id": null,
            "model": "interstage application server standard-j edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "interstage application server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "8.0.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2.33"
          },
          {
            "_id": null,
            "model": "provisioning manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-08"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.2"
          },
          {
            "_id": null,
            "model": "hat enterprise linux server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "6"
          },
          {
            "_id": null,
            "model": "interstage application server enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "7.0.1"
          },
          {
            "_id": null,
            "model": "device manager software (linux(sles",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.3.0-00"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.40"
          },
          {
            "_id": null,
            "model": "quad",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "5.2.2"
          },
          {
            "_id": null,
            "model": "device manager software (solaris",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.2-00(x64))"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "6.0.2.43"
          },
          {
            "_id": null,
            "model": "onboard administrator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.21"
          },
          {
            "_id": null,
            "model": "systemwalker it process master standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "13.3.1"
          },
          {
            "_id": null,
            "model": "jp1/hicommand devicemanager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-50-01"
          },
          {
            "_id": null,
            "model": "device manager software )",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.1-03"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.7"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.0.61"
          },
          {
            "_id": null,
            "model": "it operations analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "02-01"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.2.4"
          },
          {
            "_id": null,
            "model": "tiered storage manager software (linux(rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "6.4.0-07"
          },
          {
            "_id": null,
            "model": "interstage studio standard-j edition b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "9.1.0"
          },
          {
            "_id": null,
            "model": "software foundation apache 2.0.64-dev",
            "scope": null,
            "trust": 0.3,
            "vendor": "apache",
            "version": null
          },
          {
            "_id": null,
            "model": "job management partner 1/automatic job management system web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "3-0"
          },
          {
            "_id": null,
            "model": "software foundation apache",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apache",
            "version": "2.1.6"
          },
          {
            "_id": null,
            "model": "jp1/hicommand tiered storage manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hitachi",
            "version": "05-50-01"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#405811"
          },
          {
            "db": "BID",
            "id": "49303"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3192"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Kingcope",
        "sources": [
          {
            "db": "BID",
            "id": "49303"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2011-3192",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2011-3192",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.1,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2011-3192",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#405811",
                "trust": 0.8,
                "value": "16.01"
              },
              {
                "author": "VULMON",
                "id": "CVE-2011-3192",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#405811"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-3192"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3192"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. Apache HTTPD server contains a denial-of-service vulnerability in the way multiple overlapping ranges are handled.  Both the \u0027Range\u0027 header and the \u0027Range-Request\u0027 header are vulnerable.  An attack tool, commonly known as \u0027Apache Killer\u0027, has been released in the wild.  The attack tool causes a significant increase in CPU and memory usage on the server. \nSuccessful exploits will result in a denial-of-service condition. ==========================================================================\nUbuntu Security Notice USN-1199-1\nSeptember 01, 2011\n\napache2 vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nA remote attacker could send crafted input to Apache and cause it to crash. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.04:\n  apache2.2-bin                   2.2.17-1ubuntu1.2\n\nUbuntu 10.10:\n  apache2.2-bin                   2.2.16-1ubuntu3.3\n\nUbuntu 10.04 LTS:\n  apache2.2-bin                   2.2.14-5ubuntu8.6\n\nUbuntu 8.04 LTS:\n  apache2-mpm-event               2.2.8-1ubuntu0.21\n  apache2-mpm-perchild            2.2.8-1ubuntu0.21\n  apache2-mpm-prefork             2.2.8-1ubuntu0.21\n  apache2-mpm-worker              2.2.8-1ubuntu0.21\n\nIn general, a standard system update will make all the necessary changes. ----------------------------------------------------------------------\n\nThe Secunia CSI 5.0 Beta - now available for testing\nFind out more, take a free test drive, and share your opinion with us: \nhttp://secunia.com/blog/242 \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Web Server ByteRange Filter Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA45865\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45865/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45865\n\nRELEASE DATE:\n2011-09-05\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45865/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45865/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45865\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged a vulnerability in Hitachi Web Server, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nORIGINAL ADVISORY:\nHitachi (Japanese):\nhttp://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS11-019/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \nHP System Management Homepage (SMH) before v7.0 running on Linux and Windows.  For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Summary:\n\nUpdated httpd packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.3 Long Life, 5.6 Extended Update Support, and\n6.0 Extended Update Support. \n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux (v. 5.3.LL server) - i386, ia64, x86_64\nRed Hat Enterprise Linux Server (v. 6.0.z) - i386, noarch, ppc64, s390x, x86_64\n\n3. (CVE-2011-3192)\n\nAll httpd users should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n732928 - CVE-2011-3192 httpd: multiple ranges DoS\n\n6. Package List:\n\nRed Hat Enterprise Linux (v. 5.3.LL server):\n\nSource:\nhttpd-2.2.3-22.el5_3.3.src.rpm\n\ni386:\nhttpd-2.2.3-22.el5_3.3.i386.rpm\nhttpd-debuginfo-2.2.3-22.el5_3.3.i386.rpm\nhttpd-devel-2.2.3-22.el5_3.3.i386.rpm\nhttpd-manual-2.2.3-22.el5_3.3.i386.rpm\nmod_ssl-2.2.3-22.el5_3.3.i386.rpm\n\nia64:\nhttpd-2.2.3-22.el5_3.3.ia64.rpm\nhttpd-debuginfo-2.2.3-22.el5_3.3.ia64.rpm\nhttpd-devel-2.2.3-22.el5_3.3.ia64.rpm\nhttpd-manual-2.2.3-22.el5_3.3.ia64.rpm\nmod_ssl-2.2.3-22.el5_3.3.ia64.rpm\n\nx86_64:\nhttpd-2.2.3-22.el5_3.3.x86_64.rpm\nhttpd-debuginfo-2.2.3-22.el5_3.3.i386.rpm\nhttpd-debuginfo-2.2.3-22.el5_3.3.x86_64.rpm\nhttpd-devel-2.2.3-22.el5_3.3.i386.rpm\nhttpd-devel-2.2.3-22.el5_3.3.x86_64.rpm\nhttpd-manual-2.2.3-22.el5_3.3.x86_64.rpm\nmod_ssl-2.2.3-22.el5_3.3.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nhttpd-2.2.3-45.el5_6.2.src.rpm\n\ni386:\nhttpd-2.2.3-45.el5_6.2.i386.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.i386.rpm\nhttpd-devel-2.2.3-45.el5_6.2.i386.rpm\nhttpd-manual-2.2.3-45.el5_6.2.i386.rpm\nmod_ssl-2.2.3-45.el5_6.2.i386.rpm\n\nia64:\nhttpd-2.2.3-45.el5_6.2.ia64.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.ia64.rpm\nhttpd-devel-2.2.3-45.el5_6.2.ia64.rpm\nhttpd-manual-2.2.3-45.el5_6.2.ia64.rpm\nmod_ssl-2.2.3-45.el5_6.2.ia64.rpm\n\nppc:\nhttpd-2.2.3-45.el5_6.2.ppc.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.ppc.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.ppc64.rpm\nhttpd-devel-2.2.3-45.el5_6.2.ppc.rpm\nhttpd-devel-2.2.3-45.el5_6.2.ppc64.rpm\nhttpd-manual-2.2.3-45.el5_6.2.ppc.rpm\nmod_ssl-2.2.3-45.el5_6.2.ppc.rpm\n\ns390x:\nhttpd-2.2.3-45.el5_6.2.s390x.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.s390.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.s390x.rpm\nhttpd-devel-2.2.3-45.el5_6.2.s390.rpm\nhttpd-devel-2.2.3-45.el5_6.2.s390x.rpm\nhttpd-manual-2.2.3-45.el5_6.2.s390x.rpm\nmod_ssl-2.2.3-45.el5_6.2.s390x.rpm\n\nx86_64:\nhttpd-2.2.3-45.el5_6.2.x86_64.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.i386.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.x86_64.rpm\nhttpd-devel-2.2.3-45.el5_6.2.i386.rpm\nhttpd-devel-2.2.3-45.el5_6.2.x86_64.rpm\nhttpd-manual-2.2.3-45.el5_6.2.x86_64.rpm\nmod_ssl-2.2.3-45.el5_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6.0.z):\n\nSource:\nhttpd-2.2.15-5.el6_0.1.src.rpm\n\ni386:\nhttpd-2.2.15-5.el6_0.1.i686.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.i686.rpm\nhttpd-devel-2.2.15-5.el6_0.1.i686.rpm\nhttpd-tools-2.2.15-5.el6_0.1.i686.rpm\nmod_ssl-2.2.15-5.el6_0.1.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-5.el6_0.1.noarch.rpm\n\nppc64:\nhttpd-2.2.15-5.el6_0.1.ppc64.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.ppc.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.ppc64.rpm\nhttpd-devel-2.2.15-5.el6_0.1.ppc.rpm\nhttpd-devel-2.2.15-5.el6_0.1.ppc64.rpm\nhttpd-tools-2.2.15-5.el6_0.1.ppc64.rpm\nmod_ssl-2.2.15-5.el6_0.1.ppc64.rpm\n\ns390x:\nhttpd-2.2.15-5.el6_0.1.s390x.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.s390.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.s390x.rpm\nhttpd-devel-2.2.15-5.el6_0.1.s390.rpm\nhttpd-devel-2.2.15-5.el6_0.1.s390x.rpm\nhttpd-tools-2.2.15-5.el6_0.1.s390x.rpm\nmod_ssl-2.2.15-5.el6_0.1.s390x.rpm\n\nx86_64:\nhttpd-2.2.15-5.el6_0.1.x86_64.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.i686.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.x86_64.rpm\nhttpd-devel-2.2.15-5.el6_0.1.i686.rpm\nhttpd-devel-2.2.15-5.el6_0.1.x86_64.rpm\nhttpd-tools-2.2.15-5.el6_0.1.x86_64.rpm\nmod_ssl-2.2.15-5.el6_0.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3192.html\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02997184\nVersion: 2\n\nHPSBUX02702 SSRT100606 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-09-08\nLast Updated: 2011-09-08\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). \n\nReferences: CVE-2011-3192, CVE-2011-0419\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.17 containing Apache v2.2.15.07 or earlier\nHP-UX B.11.11 running HP-UX Apache Web Server Suite v2.33 containing Apache v2.0.64.01 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2011-3192    (AV:N/AC:L/Au:N/C:N/I:N/A:C)       7.8\nCVE-2011-0419    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nThis bulletin will be revised when additional information becomes available. \n\nHP has provided the following software update to resolve these vulnerabilities. \n\nThe update is available for download from the following location\nftp://srt10606:P2xg=AD5@ftp.usa.hp.com\nor\nhttps://ftp.usa.hp.com/hprc/home with\nusername srt10606 and password P2xg=AD5\n\nHP-UX Web Server Suite (WSS) v.3.18 containing Apache v2.2.15.08\nHP-UX 11i Release / Apache Depot name\n\nB.11.23 (32-bit) / Apache-CVE-2011-3192-Fix-IA-PA-32.depot\nB.11.23 (64-bit) / Apache-CVE-2011-3192-Fix-IA-PA-64.depot\n\nB.11.31 (32-bit) / Apache-CVE-2011-3192-Fix-IA-PA-32.depot\nB.11.31 (64-bit) / Apache-CVE-2011-3192-Fix-IA-PA-64.depot\n\nHP-UX Web Server Suite (WSS) v.2.33 containing Apache v2.0.64.01 and earlier\nHP-UX 11i Release / Apache Depot name\n\nB.11.11 / Use work around suggested below\nB.11.23 (32 \u0026 64-bit) / No longer supported. Upgrade to WSS v 3.18\nB.11.31 (32 \u0026 64-bit) / No longer supported. Upgrade to WSS v 3.18\n\nAlternatives to Installing the Preliminary Patch\nThe Apache Software Foundation has documented work arounds. For customers not wanting to install the preliminary patch, the following are recommended. \nNote: that no patch is available for Apache 2.0.64.01. \n\n1) Use SetEnvIf or mod_rewrite to detect a large number of ranges and then either ignore the Range: header or reject the request. \n\n2) Limit the size of the request field to a few hundred bytes. \n\n3) Use mod_headers to completely disallow the use of Range headers. \n\nPlease refer to the Apache advisory for details. http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348F82@minotaur.apache.org%3e\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v3.18 or subsequent. \n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. \n\nIt analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX Web Server Suite v3.18\nHP-UX B.11.23\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\nhpuxws22APACHE.WEBPROXY\nhpuxws22APACHE.WEBPROXY2\naction: install revision B.2.2.15.08 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 8 September 2011 Initial release\nVersion:2 (rev.2) - 8 September 2011 Updated affectivity, recommendations, typos\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk5pPZoACgkQ4B86/C0qfVn5nwCg/w2MOkbP7d5Xp4fAyX4zAOdp\naWQAoJoKZs8qDHYIVa41KgH1ANkNQI3C\n=MTc6\n-----END PGP SIGNATURE-----\n. Enjoy!\n \n * apache has been upgraded to the latest version (2.2.21) for 2011\n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2011:\n 5c4825e4c63b4a06c68a5fd81517de71  2011/i586/apache-base-2.2.21-0.1-mdv2011.0.i586.rpm\n b5a00191b27804f9735643cdcd704b19  2011/i586/apache-conf-2.2.21-0.1-mdv2011.0.i586.rpm\n 49defd7efbb4a37ec49c01c7ef9c64aa  2011/i586/apache-devel-2.2.21-0.1-mdv2011.0.i586.rpm\n a023e40689777630df036eae1a84a475  2011/i586/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm\n f03744bb74a3e0872cb08465799c3ee1  2011/i586/apache-htcacheclean-2.2.21-0.1-mdv2011.0.i586.rpm\n bb9efa66089deef66f9434b813d41a95  2011/i586/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.i586.rpm\n bb334eb7fe43927ba7c6c9196b4e1fd1  2011/i586/apache-mod_cache-2.2.21-0.1-mdv2011.0.i586.rpm\n 086b5ed82c064b16964fff70bf9c841e  2011/i586/apache-mod_dav-2.2.21-0.1-mdv2011.0.i586.rpm\n 115008b2471e10ea01689dafe5c46bcd  2011/i586/apache-mod_dbd-2.2.21-0.1-mdv2011.0.i586.rpm\n 6b686ec6612ff8740d1e482faa06c544  2011/i586/apache-mod_deflate-2.2.21-0.1-mdv2011.0.i586.rpm\n 8c8f14074bc0dbbeb2b3890611f95c6b  2011/i586/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.i586.rpm\n b03569edc20c9393e0b5eea09f590368  2011/i586/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.i586.rpm\n 343703d3822a6757e000edeebe7e0a06  2011/i586/apache-mod_ldap-2.2.21-0.1-mdv2011.0.i586.rpm\n 3457011403525d40e525716c4da8e477  2011/i586/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.i586.rpm\n 3d060145b3665ca4c0b309f812af9370  2011/i586/apache-mod_proxy-2.2.21-0.1-mdv2011.0.i586.rpm\n a0e00b0610eb5a8c5c57afabeafc07f8  2011/i586/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.i586.rpm\n dd4bb38bbc2997ca398fb37225eca371  2011/i586/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.i586.rpm\n 2966cdfddf02fa32447711af6a3046dd  2011/i586/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.i586.rpm\n 48774d9c282dc476f35a0c8b2e821a7f  2011/i586/apache-mod_ssl-2.2.21-0.1-mdv2011.0.i586.rpm\n 7b832f85bd258abf0c7abb161f4028b4  2011/i586/apache-mod_suexec-2.2.21-0.1-mdv2011.0.i586.rpm\n 1c6b93eaa5b27477989bf82ea9a63685  2011/i586/apache-modules-2.2.21-0.1-mdv2011.0.i586.rpm\n 1e7dc0ee3fafae8a786be0cc164ebe4a  2011/i586/apache-mod_userdir-2.2.21-0.1-mdv2011.0.i586.rpm\n ab2d074f2dfe57a64b022d4e6b8254ab  2011/i586/apache-mpm-event-2.2.21-0.1-mdv2011.0.i586.rpm\n a22debf09366b64e236965a4091009e9  2011/i586/apache-mpm-itk-2.2.21-0.1-mdv2011.0.i586.rpm\n 174aed4327491b83f147f3b4e76bcd1f  2011/i586/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.i586.rpm\n e141881c27496e7e74ad7f3f566a1bd2  2011/i586/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.i586.rpm\n 97893069a3d6eb73e3773bc0ee78c9a4  2011/i586/apache-mpm-worker-2.2.21-0.1-mdv2011.0.i586.rpm\n fe530e2da15b3e0bf14c617824ff82c9  2011/i586/apache-source-2.2.21-0.1-mdv2011.0.i586.rpm \n 4376094cd799523a1a7666f4e768707d  2011/SRPMS/apache-2.2.21-0.1.src.rpm\n b37e2a1dafb6883a10cefb4140e9635e  2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm\n d83c587ad4d56a31362f67334bbf9455  2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm\n 0b4a145fd5ff8c11a53956f750cdbd42  2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm\n\n Mandriva Linux 2011/X86_64:\n 8837c56966896e10d3403956e7cf86ac  2011/x86_64/apache-base-2.2.21-0.1-mdv2011.0.x86_64.rpm\n aec6da25319585e53623471734f99c57  2011/x86_64/apache-conf-2.2.21-0.1-mdv2011.0.x86_64.rpm\n e8600455214ad4f2303d9f36576e4952  2011/x86_64/apache-devel-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 90694f3211fca3d436ec4130b8bb43e2  2011/x86_64/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm\n fd3f6a51c8abf8b1ff8356489ba6d6e1  2011/x86_64/apache-htcacheclean-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 796c8129bbc160455587bc54c58c2220  2011/x86_64/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 61add54b6e0c8306dff065a150b262e2  2011/x86_64/apache-mod_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm\n cb98169c29008c256662f3a08141bf95  2011/x86_64/apache-mod_dav-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 5aa03ee54a7e40d41fd746fd1a223c72  2011/x86_64/apache-mod_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 386a956f014fe2d64dfe38fc261abd39  2011/x86_64/apache-mod_deflate-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 5a473bc45fa59323c4d526dd4f5a30d3  2011/x86_64/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm\n aaa544f7a4912c161a2c73e222ae87d6  2011/x86_64/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm\n f04054edc62a24ea9042c5b41074bd1d  2011/x86_64/apache-mod_ldap-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 1c97f63c1169f483d086a94b97f5c421  2011/x86_64/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm\n ca912c34fec5cf470947a7f87e9705a4  2011/x86_64/apache-mod_proxy-2.2.21-0.1-mdv2011.0.x86_64.rpm\n b5ae70a8ed412e40275b4de7b639caa0  2011/x86_64/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 6b11b032c13277712c336405ea23a8b0  2011/x86_64/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 874a420342f1ea9278e014b79fe5a337  2011/x86_64/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 2757b3d7c8261563e22c41d3f94aaa29  2011/x86_64/apache-mod_ssl-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 6edbc6963aab9beee507f9a3c8be38a2  2011/x86_64/apache-mod_suexec-2.2.21-0.1-mdv2011.0.x86_64.rpm\n fe6143eaa1acc0de751198ea19129279  2011/x86_64/apache-modules-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 3e66fa1e1e2cf243c1c6472243cb86fe  2011/x86_64/apache-mod_userdir-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 7d45bfd7d3aa87d45d2287fdd9507847  2011/x86_64/apache-mpm-event-2.2.21-0.1-mdv2011.0.x86_64.rpm\n bce9e2cdffe45cbc4baf72f0d0c4000e  2011/x86_64/apache-mpm-itk-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 217bd96dfa802f7d049b6fd12600b154  2011/x86_64/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.x86_64.rpm\n cc304b9011d16d7f3cf5c8250e4d9f18  2011/x86_64/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.x86_64.rpm\n a8bb9b62c39f98a6df728d51a4fff39a  2011/x86_64/apache-mpm-worker-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 7d41c857be2574ac5f3ea7090a1f3c78  2011/x86_64/apache-source-2.2.21-0.1-mdv2011.0.x86_64.rpm \n 4376094cd799523a1a7666f4e768707d  2011/SRPMS/apache-2.2.21-0.1.src.rpm\n b37e2a1dafb6883a10cefb4140e9635e  2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm\n d83c587ad4d56a31362f67334bbf9455  2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm\n 0b4a145fd5ff8c11a53956f750cdbd42  2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFOdErbmqjQ0CJFipgRArO0AJ9MeU1I/ItvY699awHPqXD7TZZ46gCeP/Lc\nOVJD0GobLzQ3q1XZS8WiqdY=\n=O8Ag\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-3192"
          },
          {
            "db": "CERT/CC",
            "id": "VU#405811"
          },
          {
            "db": "BID",
            "id": "49303"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-3192"
          },
          {
            "db": "PACKETSTORM",
            "id": "104711"
          },
          {
            "db": "PACKETSTORM",
            "id": "104804"
          },
          {
            "db": "PACKETSTORM",
            "id": "111915"
          },
          {
            "db": "PACKETSTORM",
            "id": "104936"
          },
          {
            "db": "PACKETSTORM",
            "id": "104784"
          },
          {
            "db": "PACKETSTORM",
            "id": "105120"
          },
          {
            "db": "PACKETSTORM",
            "id": "104969"
          },
          {
            "db": "PACKETSTORM",
            "id": "105184"
          },
          {
            "db": "PACKETSTORM",
            "id": "105281"
          },
          {
            "db": "PACKETSTORM",
            "id": "106788"
          }
        ],
        "trust": 2.88
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=17696",
            "trust": 0.2,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2011-3192"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2011-3192",
            "trust": 2.3
          },
          {
            "db": "CERT/CC",
            "id": "VU#405811",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "49303",
            "trust": 1.3
          },
          {
            "db": "SECUNIA",
            "id": "46000",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "46126",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "45937",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "46125",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "45606",
            "trust": 1.0
          },
          {
            "db": "EXPLOIT-DB",
            "id": "17696",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1025960",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "74721",
            "trust": 1.0
          },
          {
            "db": "HITACHI",
            "id": "HS11-019",
            "trust": 0.4
          },
          {
            "db": "HITACHI",
            "id": "HS11-021",
            "trust": 0.3
          },
          {
            "db": "HITACHI",
            "id": "HS11-020",
            "trust": 0.3
          },
          {
            "db": "HITACHI",
            "id": "HS11-022",
            "trust": 0.3
          },
          {
            "db": "JUNIPER",
            "id": "JSA10642",
            "trust": 0.3
          },
          {
            "db": "SECUNIA",
            "id": "45865",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-3192",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "104711",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "104804",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "111915",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "104936",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "104784",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "105120",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "104969",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "105184",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "105281",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "106788",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#405811"
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-3192"
          },
          {
            "db": "BID",
            "id": "49303"
          },
          {
            "db": "PACKETSTORM",
            "id": "104711"
          },
          {
            "db": "PACKETSTORM",
            "id": "104804"
          },
          {
            "db": "PACKETSTORM",
            "id": "111915"
          },
          {
            "db": "PACKETSTORM",
            "id": "104936"
          },
          {
            "db": "PACKETSTORM",
            "id": "104784"
          },
          {
            "db": "PACKETSTORM",
            "id": "105120"
          },
          {
            "db": "PACKETSTORM",
            "id": "104969"
          },
          {
            "db": "PACKETSTORM",
            "id": "105184"
          },
          {
            "db": "PACKETSTORM",
            "id": "105281"
          },
          {
            "db": "PACKETSTORM",
            "id": "106788"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3192"
          }
        ]
      },
      "id": "VAR-201108-0132",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.3003817384615385
      },
      "last_update_date": "2026-03-07T20:00:13.509000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Ubuntu Security Notice: apache2 vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1199-1"
          },
          {
            "title": "Cisco: Apache HTTPd Range Header Denial of Service Vulnerability",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20110830-apache"
          },
          {
            "title": "Debian Security Advisories: DSA-2298-2 apache2 -- denial of service",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=7227b6751a2a5332a53278f1881d559f"
          },
          {
            "title": "Amazon Linux AMI: ALAS-2011-001",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2011-001"
          },
          {
            "title": "Red Hat: Moderate: httpd security and bug fix update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120542 - Security Advisory"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2011-3192 "
          },
          {
            "title": "MNCanyon",
            "trust": 0.1,
            "url": "https://github.com/MNCanyon/MNCanyon "
          },
          {
            "title": "haproxy-ddos",
            "trust": 0.1,
            "url": "https://github.com/analytically/haproxy-ddos "
          },
          {
            "title": "DDoS-Script",
            "trust": 0.1,
            "url": "https://github.com/Encapsulate/DDoS-Script "
          },
          {
            "title": "Mind_help",
            "trust": 0.1,
            "url": "https://github.com/MNCanyon/Mind_help "
          },
          {
            "title": "DC-p0t",
            "trust": 0.1,
            "url": "https://github.com/5p1n6a11/DC-p0t "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2011-3192"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-3192"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.1,
            "url": "http://www.apache.org/dist/httpd/announcement2.2.html"
          },
          {
            "trust": 1.3,
            "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html"
          },
          {
            "trust": 1.3,
            "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=51714"
          },
          {
            "trust": 1.3,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
          },
          {
            "trust": 1.3,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
          },
          {
            "trust": 1.3,
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html"
          },
          {
            "trust": 1.1,
            "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122d387dd@minotaur.apache.org%3e"
          },
          {
            "trust": 1.1,
            "url": "http://www.ubuntu.com/usn/usn-1199-1"
          },
          {
            "trust": 1.0,
            "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348f82@minotaur.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "http://osvdb.org/74721"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18827"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b90d73.shtml"
          },
          {
            "trust": 1.0,
            "url": "https://help.ecostruxureit.com/display/public/uadce725/security+fixes+in+struxureware+data+center+expert+v7.6.0"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69396"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/46000"
          },
          {
            "trust": 1.0,
            "url": "http://support.apple.com/kb/ht5002"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=132033751509019\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.exploit-db.com/exploits/17696"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14762"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/46126"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3ccaapsnn2po-d-c4nqt_tes2rrwizr7urefhtkpwbc1b+k1dqc7g%40mail.gmail.com%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14824"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/45937"
          },
          {
            "trust": 1.0,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732928"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=131731002122529\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00003.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:130"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:150"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2011-1294.html"
          },
          {
            "trust": 1.0,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html"
          },
          {
            "trust": 1.0,
            "url": "http://blogs.oracle.com/security/entry/security_alert_for_cve_2011"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2011-1300.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/46125"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2011-1330.html"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=131551295528105\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=133477473521382\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://seclists.org/fulldisclosure/2011/aug/175"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1025960"
          },
          {
            "trust": 1.0,
            "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122d387dd%40minotaur.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/45606"
          },
          {
            "trust": 1.0,
            "url": "http://www.kb.cert.org/vuls/id/405811"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2011-1369.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2011-1329.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/49303"
          },
          {
            "trust": 1.0,
            "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=134987041210674\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2011-1245.html"
          },
          {
            "trust": 1.0,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html"
          },
          {
            "trust": 1.0,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.gossamer-threads.com/lists/apache/dev/401638"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3192"
          },
          {
            "trust": 0.8,
            "url": "http://blog.spiderlabs.com/2011/08/mitigation-of-apache-range-header-dos-attack.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.apache.org/dist/httpd/changes_2.2.20"
          },
          {
            "trust": 0.4,
            "url": "http://rhn.redhat.com/errata/rhsa-2011-1329.html"
          },
          {
            "trust": 0.3,
            "url": "http://kolab.org/pipermail/kolab-announce/2011/000102.html"
          },
          {
            "trust": 0.3,
            "url": "http://kolab.org/pipermail/kolab-announce/2011/000103.html"
          },
          {
            "trust": 0.3,
            "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10642\u0026cat=sirt_1\u0026actp=list"
          },
          {
            "trust": 0.3,
            "url": "http://httpd.apache.org/download.cgi"
          },
          {
            "trust": 0.3,
            "url": "https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk65222"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technetwork/topics/security/alerts-086861.html#securityalerts"
          },
          {
            "trust": 0.3,
            "url": "http://blogs.oracle.com/sunsecurity/entry/cve_2011_3192_and_cve"
          },
          {
            "trust": 0.3,
            "url": "http://blogs.oracle.com/sunsecurity/entry/cve_2011_3192_denial_of"
          },
          {
            "trust": 0.3,
            "url": "http://marc.info/?l=apache-httpd-dev\u0026m=131418828705324\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/./vuls/hs11-020/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/./vuls/hs11-021/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/./vuls/hs11-022/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.novell.com/support/viewcontent.do?externalid=7009621"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/520376"
          },
          {
            "trust": 0.3,
            "url": "http://support.avaya.com/css/p8/documents/100148618"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110830-apache.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03285138"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912"
          },
          {
            "trust": 0.3,
            "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03517954\u0026ac.admitted=1349807398574.876444892.199480143"
          },
          {
            "trust": 0.3,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-019/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201102e.html"
          },
          {
            "trust": 0.3,
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21512087"
          },
          {
            "trust": 0.3,
            "url": "http://httpd.apache.org/security/cve-2011-3192.txt"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2011-1300.html"
          },
          {
            "trust": 0.3,
            "url": "https://rhn.redhat.com/errata/rhsa-2011-1330.html"
          },
          {
            "trust": 0.3,
            "url": "https://www-304.ibm.com/support/docview.wss?uid=nas2aae02620b9b78d9e862578fe003c799b"
          },
          {
            "trust": 0.3,
            "url": "http://www.xerox.com/download/security/security-bulletin/1284345-ee19-4bf3860908380/cert_xrx12-004_v1.01.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0419"
          },
          {
            "trust": 0.3,
            "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
          },
          {
            "trust": 0.3,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.3,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.3,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.3,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.2,
            "url": "https://ftp.usa.hp.com/hprc/home"
          },
          {
            "trust": 0.2,
            "url": "https://www.hp.com/go/swa"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3192"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/kb/docs/doc-11259"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/key/#package"
          },
          {
            "trust": 0.2,
            "url": "https://www.redhat.com/security/data/cve/cve-2011-3192.html"
          },
          {
            "trust": 0.2,
            "url": "http://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.2,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.2.17-1ubuntu1.2"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.2.16-1ubuntu3.3"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.2.8-1ubuntu0.21"
          },
          {
            "trust": 0.1,
            "url": "https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.6"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/blog/242"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45865"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/45865/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/./vuls/hs11-019/index.html"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/45865/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1623"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4409"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1468"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1148"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3182"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1467"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1471"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1452"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0734"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1470"
          },
          {
            "trust": 0.1,
            "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2202"
          },
          {
            "trust": 0.1,
            "url": "http://h18000.www1.hp.com/products/servers/management/agents/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4645"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1945"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2068"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1928"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1938"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3436"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2483"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0014"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1464"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1153"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0195"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0037"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2192"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2791"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3189"
          },
          {
            "trust": 0.1,
            "url": "http://store.mandriva.com/product_info.php?cpath=149\u0026amp;products_id=490"
          },
          {
            "trust": 0.1,
            "url": "https://rhn.redhat.com/errata/rhsa-2011-1294.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3348"
          },
          {
            "trust": 0.1,
            "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=51878"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3348"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#405811"
          },
          {
            "db": "BID",
            "id": "49303"
          },
          {
            "db": "PACKETSTORM",
            "id": "104711"
          },
          {
            "db": "PACKETSTORM",
            "id": "104804"
          },
          {
            "db": "PACKETSTORM",
            "id": "111915"
          },
          {
            "db": "PACKETSTORM",
            "id": "104936"
          },
          {
            "db": "PACKETSTORM",
            "id": "104784"
          },
          {
            "db": "PACKETSTORM",
            "id": "105120"
          },
          {
            "db": "PACKETSTORM",
            "id": "104969"
          },
          {
            "db": "PACKETSTORM",
            "id": "105184"
          },
          {
            "db": "PACKETSTORM",
            "id": "105281"
          },
          {
            "db": "PACKETSTORM",
            "id": "106788"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3192"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#405811",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2011-3192",
            "ident": null
          },
          {
            "db": "BID",
            "id": "49303",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "104711",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "104804",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "111915",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "104936",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "104784",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "105120",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "104969",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "105184",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "105281",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "106788",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2011-3192",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-08-26T00:00:00",
            "db": "CERT/CC",
            "id": "VU#405811",
            "ident": null
          },
          {
            "date": "2011-08-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2011-3192",
            "ident": null
          },
          {
            "date": "2011-08-24T00:00:00",
            "db": "BID",
            "id": "49303",
            "ident": null
          },
          {
            "date": "2011-09-02T00:03:29",
            "db": "PACKETSTORM",
            "id": "104711",
            "ident": null
          },
          {
            "date": "2011-09-06T04:48:58",
            "db": "PACKETSTORM",
            "id": "104804",
            "ident": null
          },
          {
            "date": "2012-04-17T20:34:39",
            "db": "PACKETSTORM",
            "id": "111915",
            "ident": null
          },
          {
            "date": "2011-09-09T05:23:01",
            "db": "PACKETSTORM",
            "id": "104936",
            "ident": null
          },
          {
            "date": "2011-09-04T17:36:46",
            "db": "PACKETSTORM",
            "id": "104784",
            "ident": null
          },
          {
            "date": "2011-09-14T22:52:49",
            "db": "PACKETSTORM",
            "id": "105120",
            "ident": null
          },
          {
            "date": "2011-09-10T01:00:13",
            "db": "PACKETSTORM",
            "id": "104969",
            "ident": null
          },
          {
            "date": "2011-09-17T19:02:19",
            "db": "PACKETSTORM",
            "id": "105184",
            "ident": null
          },
          {
            "date": "2011-09-22T05:35:12",
            "db": "PACKETSTORM",
            "id": "105281",
            "ident": null
          },
          {
            "date": "2011-11-09T16:26:04",
            "db": "PACKETSTORM",
            "id": "106788",
            "ident": null
          },
          {
            "date": "2011-08-29T15:55:02.017000",
            "db": "NVD",
            "id": "CVE-2011-3192",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-09-19T00:00:00",
            "db": "CERT/CC",
            "id": "VU#405811",
            "ident": null
          },
          {
            "date": "2022-09-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2011-3192",
            "ident": null
          },
          {
            "date": "2015-05-07T17:20:00",
            "db": "BID",
            "id": "49303",
            "ident": null
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2011-3192",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "104711"
          },
          {
            "db": "PACKETSTORM",
            "id": "104784"
          },
          {
            "db": "PACKETSTORM",
            "id": "105120"
          },
          {
            "db": "PACKETSTORM",
            "id": "105184"
          },
          {
            "db": "PACKETSTORM",
            "id": "105281"
          },
          {
            "db": "PACKETSTORM",
            "id": "106788"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Apache HTTPD 1.3/2.x Range header DoS vulnerability",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#405811"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Input Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "49303"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-200609-0823

    Vulnerability from variot - Updated: 2026-03-05 22:12

    Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. OpenSSL Library utility functions 1 First, output a list of encryption algorithms used for communication as a readable character string. SSL_get_shared_ciphers() there is. SSL_get_shared_ciphers() There is a buffer overflow vulnerability in the processing of.OpenSSL Any code may be executed with the privileges of the application that uses it. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. OpenSSL Security Advisory [28th September 2006]

    New OpenSSL releases are now available to correct four security issues.

    ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)

    Vulnerability

    Dr. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory (CVE-2006-2937). (This issue did not affect OpenSSL versions prior to 0.9.7)

    1. Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack (CVE-2006-2940).

    Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

    Acknowledgements

    The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project.

    Acknowledgements

    The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

    SSLv2 Client Crash (CVE-2006-4343)

    Vulnerability

    A flaw in the SSLv2 client code was discovered.

    Acknowledgements

    The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

    Recommendations

    These vulnerabilities are resolved in the following versions of OpenSSL:

    • in the 0.9.7 branch, version 0.9.7l (or later);
    • in the 0.9.8 branch, version 0.9.8d (or later).

    OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

    o https://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/
    

    The distribution file names are:

    o openssl-0.9.8d.tar.gz
      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
    
    o openssl-0.9.7l.tar.gz
      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
    

    The checksums were calculated using the following commands:

    openssl md5 openssl-0.9*.tar.gz
    openssl sha1 openssl-0.9*.tar.gz
    

    After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it.

    Update:

    There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Corrected: 2007-10-03 21:39:43 UTC (RELENG_6, 6.2-STABLE) 2007-10-03 21:40:35 UTC (RELENG_6_2, 6.2-RELEASE-p8) 2007-10-03 21:41:22 UTC (RELENG_6_1, 6.1-RELEASE-p20) 2007-10-03 21:42:00 UTC (RELENG_5, 5.5-STABLE) 2007-10-03 21:42:32 UTC (RELENG_5_5, 5.5-RELEASE-p16) CVE Name: CVE-2007-5135

    For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

    FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

    II.

    III.

    IV. Workaround

    No workaround is available, but only applications using the SSL_get_shared_ciphers() function are affected. Solution

    Perform one of the following:

    1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the correction date.

    2) To patch your present system:

    The following patch have been verified to apply to FreeBSD 5.5, 6.1, and 6.2 systems.

    a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

    fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch

    fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc

    b) Execute the following commands as root:

    cd /usr/src

    patch < /path/to/patch

    cd /usr/src/secure/lib/libssl

    make obj && make depend && make && make install

    VI. Correction details

    The following list contains the revision numbers of each file that was corrected in FreeBSD.

    Branch Revision Path


    RELENG_5 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.3 RELENG_5_5 src/UPDATING 1.342.2.35.2.16 src/sys/conf/newvers.sh 1.62.2.21.2.18 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.4.2 RELENG_6 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.2 RELENG_6_2 src/UPDATING 1.416.2.29.2.11 src/sys/conf/newvers.sh 1.69.2.13.2.11 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.1.2.1 RELENG_6_1 src/UPDATING 1.416.2.22.2.22 src/sys/conf/newvers.sh 1.69.2.11.2.22 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.6.2


    VII.


    References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c02824490 Version: 1

    HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2011-05-05 Last Updated: 2011-05-05

    Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications.

    References: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has made the following software updates available to resolve these vulnerabilities.

    Kit Name Location

    HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html

    CSWS_PHP V2.2 http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html

    HISTORY Version:1 (rev.1) - 5 May 2011 Initial release

    Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

    BACKGROUND

    RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


                   VMware Security Advisory
    

    Advisory ID: VMSA-2007-0001 Synopsis: VMware ESX server security updates Issue date: 2007-01-08 Updated on: 2007-01-08 CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-4980


    1. Summary:

    Updated ESX Patches address several security issues.

    1. Relevant releases:

    VMware ESX 3.0.1 without patch ESX-9986131 VMware ESX 3.0.0 without patch ESX-3069097

    VMware ESX 2.5.4 prior to upgrade patch 3 VMware ESX 2.5.3 prior to upgrade patch 6 VMware ESX 2.1.3 prior to upgrade patch 4 VMware ESX 2.0.2 prior to upgrade patch 4

    1. Problem description:

    Problems addressed by these patches:

    a. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue.
    

    b. OpenSSL library vulnerabilities:

    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
    allows remote attackers to cause a denial of service (infinite
    loop and memory consumption) via malformed ASN.1 structures that
    trigger an improperly handled error condition.
    
    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
    and earlier versions allows attackers to cause a denial of service
    (CPU consumption) via parasitic public keys with large (1) "public
    exponent" or (2) "public modulus" values in X.509 certificates that
    require extra time to process when using RSA signature verification.
    
    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
    CVE-2006-4339, and CVE-2006-4343 to these issues.
    

    c. Updated OpenSSH package addresses the following possible security issues:

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems
    
    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).
    
    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.
    
    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.
    
    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
    SSH protocol, allows remote attackers to cause a denial of service
    (CPU consumption) via an SSH packet that contains duplicate blocks,
    which is not properly handled by the CRC compensation attack
    detector.
    
    NOTE: ESX by default disables version 1 SSH protocol.
    
    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
    allows remote attackers to cause a denial of service (crash), and
    possibly execute arbitrary code if GSSAPI authentication is enabled,
    via unspecified vectors that lead to a double-free.
    
    NOTE: ESX doesn't use GSSAPI by default.
    
    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.
    
    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.
    

    d. Object reuse problems with newly created virtual disk (.vmdk or .dsk) files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.
    
    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w.
    

    e. Buffer overflow in Python function repr():

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem
    
    A possible security issue with how the Python function repr()
    function handles UTF-32/UCS-4 strings.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the name CVE-2006-4980 to this issue.
    
    1. Solution:

    Please review the Patch notes for your version of ESX and verify the md5sum.

    ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

    ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

    ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

    ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

    ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

    ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

    1. References:

    ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

    ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

    ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

    ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

    ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

    ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

    1. Contact:

    http://www.vmware.com/security

    VMware Security Response Policy http://www.vmware.com/vmtn/technology/security/security_response.html

    E-mail: security@vmware.com

    Copyright 2007 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE neFG0RikD74TCYeXKW6CBy4= =9/6k -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "red hat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "_id": null,
            "model": "e-business suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "11.5.10cu2"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "9.2.0.8"
          },
          {
            "_id": null,
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0 (x86-64)"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (sparc)"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (x86)"
          },
          {
            "_id": null,
            "model": "turbolinux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10_f"
          },
          {
            "_id": null,
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (hosting)"
          },
          {
            "_id": null,
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (workgroup)"
          },
          {
            "_id": null,
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "turbolinux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "_id": null,
            "model": "turbolinux fuji",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "_id": null,
            "model": "turbolinux multimedia",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "_id": null,
            "model": "turbolinux personal",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "_id": null,
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "_id": null,
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10 (x64)"
          },
          {
            "_id": null,
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "11"
          },
          {
            "_id": null,
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "11 (x64)"
          },
          {
            "_id": null,
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "7"
          },
          {
            "_id": null,
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "8"
          },
          {
            "_id": null,
            "model": "wizpy",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "_id": null,
            "model": "home",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "_id": null,
            "model": "trendmicro interscan web security suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "1.1 solaris edition"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.23"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (as)"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (es)"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (ws)"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (as)"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (es)"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (ws)"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (as)"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (es)"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (ws)"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux advanced workstation",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "_id": null,
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "_id": null,
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "_id": null,
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "_id": null,
            "model": "networks vpn router contivity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "-26000"
          },
          {
            "_id": null,
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "_id": null,
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "_id": null,
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "secure acs solution engine",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "_id": null,
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.10"
          },
          {
            "_id": null,
            "model": "servercluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "_id": null,
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "_id": null,
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.9"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "networks meridian option 61c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "_id": null,
            "model": "systems management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7.168"
          },
          {
            "_id": null,
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "_id": null,
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "_id": null,
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "_id": null,
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "ons",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "_id": null,
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "x8610.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "_id": null,
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "_id": null,
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.1"
          },
          {
            "_id": null,
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux database server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "_id": null,
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "stonebeat fullcluster for raptor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "_id": null,
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "stonegate ips sensor and analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "_id": null,
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "_id": null,
            "model": "stonebeat fullcluster for gauntlet",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1050"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "networks meridian option 51c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "_id": null,
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "_id": null,
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.3"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "aironet acs350 c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3502.6"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.3"
          },
          {
            "_id": null,
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "_id": null,
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "_id": null,
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "stonebeat webcluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0.2"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "6000"
          },
          {
            "_id": null,
            "model": "networks cs",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1000"
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "_id": null,
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "_id": null,
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "_id": null,
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.5"
          },
          {
            "_id": null,
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "_id": null,
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "_id": null,
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "_id": null,
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "fuji",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "0"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "_id": null,
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "_id": null,
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "_id": null,
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "_id": null,
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "solaris 10 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "networks meridian option 81c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "_id": null,
            "model": "stonegate ips sensor and analyzer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "linux openexchange server",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.4"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "_id": null,
            "model": "networks self-service mps",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "5000"
          },
          {
            "_id": null,
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.42"
          },
          {
            "_id": null,
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "stonebeat fullcluster for firewall-1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9"
          },
          {
            "_id": null,
            "model": "stonebeat securitycluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "_id": null,
            "model": "servercluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5.2"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "_id": null,
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "_id": null,
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3(3.33)"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "_id": null,
            "model": "secure acs for windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "2700"
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1740"
          },
          {
            "_id": null,
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1010"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "_id": null,
            "model": "stonegate ips sensor and analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "networks communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1000"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0.0x64"
          },
          {
            "_id": null,
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.2"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.50.3.45"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "_id": null,
            "model": "networks vpn router contivity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "-45000"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "_id": null,
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "_id": null,
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "_id": null,
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "_id": null,
            "model": "networks vpn router contivity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "-46000"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "40003.1.59.24"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "17500"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3)4.2"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "_id": null,
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "_id": null,
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "_id": null,
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "1.7"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "20003.1.59.24"
          },
          {
            "_id": null,
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "5000"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "_id": null,
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ciscosecure acs appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1111"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "_id": null,
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "_id": null,
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "_id": null,
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.4"
          },
          {
            "_id": null,
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.6"
          },
          {
            "_id": null,
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "_id": null,
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "_id": null,
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "_id": null,
            "model": "networks ip address domain manager",
            "scope": null,
            "trust": 0.3,
            "vendor": "nortel",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "_id": null,
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "_id": null,
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "_id": null,
            "model": "mds 9216i",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.3"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "stonebeat fullcluster for raptor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0.8"
          },
          {
            "_id": null,
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "_id": null,
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90002.0(0.86)"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8.10.2.65"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.5.1"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.6.1"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "stonebeat webcluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "_id": null,
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.2"
          },
          {
            "_id": null,
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "_id": null,
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "networks meridian option 11c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "_id": null,
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "_id": null,
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1700"
          },
          {
            "_id": null,
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "_id": null,
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "_id": null,
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "_id": null,
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "_id": null,
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "stonebeat fullcluster for firewall-1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "_id": null,
            "model": "ciscosecure acs for windows and unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "_id": null,
            "model": "stonebeat fullcluster for isa server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "_id": null,
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "_id": null,
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "_id": null,
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "_id": null,
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "_id": null,
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "_id": null,
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "9000"
          },
          {
            "_id": null,
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "_id": null,
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "_id": null,
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1100"
          },
          {
            "_id": null,
            "model": "stonebeat securitycluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "_id": null,
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "_id": null,
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)4.2"
          },
          {
            "_id": null,
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "_id": null,
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "_id": null,
            "model": "networks wlan access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "7250.0"
          },
          {
            "_id": null,
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.48"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.47"
          },
          {
            "_id": null,
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.22"
          },
          {
            "_id": null,
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "_id": null,
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7"
          },
          {
            "_id": null,
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6"
          },
          {
            "_id": null,
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "_id": null,
            "model": "oracle9i standard edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "_id": null,
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "_id": null,
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "_id": null,
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "_id": null,
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7"
          },
          {
            "_id": null,
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6"
          },
          {
            "_id": null,
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "_id": null,
            "model": "oracle9i personal edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "_id": null,
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "_id": null,
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "_id": null,
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8.0"
          },
          {
            "_id": null,
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7.0"
          },
          {
            "_id": null,
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6.0"
          },
          {
            "_id": null,
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "_id": null,
            "model": "oracle9i enterprise edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "_id": null,
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "_id": null,
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "_id": null,
            "model": "oracle8i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7.4"
          },
          {
            "_id": null,
            "model": "oracle8i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7.4.0"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4.2"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.5"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "_id": null,
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "_id": null,
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "_id": null,
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "_id": null,
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "_id": null,
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "_id": null,
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "_id": null,
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "_id": null,
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "_id": null,
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "_id": null,
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "_id": null,
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "_id": null,
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.4.0"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.0.0"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.2.0"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.1.0"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.2"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.1"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.2"
          },
          {
            "_id": null,
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.1"
          },
          {
            "_id": null,
            "model": "identity management 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4.0.1"
          },
          {
            "_id": null,
            "model": "9i application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0.2.2"
          },
          {
            "_id": null,
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "_id": null,
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.5"
          },
          {
            "_id": null,
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4"
          },
          {
            "_id": null,
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3"
          },
          {
            "_id": null,
            "model": "e-business suite 11i cu2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.10"
          },
          {
            "_id": null,
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.10"
          },
          {
            "_id": null,
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.9"
          },
          {
            "_id": null,
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.8"
          },
          {
            "_id": null,
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.7"
          },
          {
            "_id": null,
            "model": "e-business suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "developer suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.2"
          },
          {
            "_id": null,
            "model": "developer suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.3"
          },
          {
            "_id": null,
            "model": "developer suite 6i",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.2"
          },
          {
            "_id": null,
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.1"
          },
          {
            "_id": null,
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.0"
          },
          {
            "_id": null,
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "29.0.2.3"
          },
          {
            "_id": null,
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.3"
          },
          {
            "_id": null,
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.2"
          },
          {
            "_id": null,
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.1"
          },
          {
            "_id": null,
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4"
          },
          {
            "_id": null,
            "model": "oracle for openview for linux ltu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "_id": null,
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1.1"
          },
          {
            "_id": null,
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.1.7"
          },
          {
            "_id": null,
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.11"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.10"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.11"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.10"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:openssl:openssl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:e-business_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:http_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_personal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_wizpy",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_home",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with the discovery of this vulnerability.",
        "sources": [
          {
            "db": "BID",
            "id": "20249"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2006-3738",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-3738",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-3738",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#221788",
                "trust": 0.8,
                "value": "4.20"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-3738",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. OpenSSL Library utility functions 1 First, output a list of encryption algorithms used for communication as a readable character string. SSL_get_shared_ciphers() there is. SSL_get_shared_ciphers() There is a buffer overflow vulnerability in the processing of.OpenSSL Any code may be executed with the privileges of the application that uses it. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nSuccessfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. OpenSSL Security Advisory [28th September 2006]\n\nNew OpenSSL releases are now available to correct four security\nissues. \n\n\nASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)\n==============================================================\n\nVulnerability\n-------------\n\nDr. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  This can result in an infinite loop which\nconsumes system memory (CVE-2006-2937).  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. This could be used by an attacker in a denial of\nservice attack (CVE-2006-2940). \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCorrected:      2007-10-03 21:39:43 UTC (RELENG_6, 6.2-STABLE)\n                2007-10-03 21:40:35 UTC (RELENG_6_2, 6.2-RELEASE-p8)\n                2007-10-03 21:41:22 UTC (RELENG_6_1, 6.1-RELEASE-p20)\n                2007-10-03 21:42:00 UTC (RELENG_5, 5.5-STABLE)\n                2007-10-03 21:42:32 UTC (RELENG_5_5, 5.5-RELEASE-p16)\nCVE Name:       CVE-2007-5135\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured,\nand Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. \n\nIII. \n\nIV.  Workaround\n\nNo workaround is available, but only applications using the\nSSL_get_shared_ciphers() function are affected.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the\nRELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the\ncorrection date. \n\n2) To patch your present system:\n\nThe following patch have been verified to apply to FreeBSD 5.5, 6.1,\nand 6.2 systems. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch\n# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# cd /usr/src/secure/lib/libssl\n# make obj \u0026\u0026 make depend \u0026\u0026 make \u0026\u0026 make install\n\nVI.  Correction details\n\nThe following list contains the revision numbers of each file that was\ncorrected in FreeBSD. \n\nBranch                                                           Revision\n  Path\n- -------------------------------------------------------------------------\nRELENG_5\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.11.2.3\nRELENG_5_5\n  src/UPDATING                                            1.342.2.35.2.16\n  src/sys/conf/newvers.sh                                  1.62.2.21.2.18\n  src/crypto/openssl/ssl/ssl_lib.c                       1.1.1.11.2.1.4.2\nRELENG_6\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.12.2.2\nRELENG_6_2\n  src/UPDATING                                            1.416.2.29.2.11\n  src/sys/conf/newvers.sh                                  1.69.2.13.2.11\n  src/crypto/openssl/ssl/ssl_lib.c                       1.1.1.12.2.1.2.1\nRELENG_6_1\n  src/UPDATING                                            1.416.2.22.2.22\n  src/sys/conf/newvers.sh                                  1.69.2.11.2.22\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.12.6.2\n- -------------------------------------------------------------------------\n\nVII. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02824490\nVersion: 1\n\nHPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-05-05\nLast Updated: 2011-05-05\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. \n\nReferences: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \n http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html\n\nCSWS_PHP V2.2\n http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html\n\nHISTORY\nVersion:1 (rev.1) - 5 May 2011 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n    -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n    -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2007-0001\nSynopsis:          VMware ESX server security updates\nIssue date:        2007-01-08\nUpdated on:        2007-01-08\nCVE:               CVE-2006-3589 CVE-2006-2937 CVE-2006-2940\n                   CVE-2006-3738 CVE-2006-4339 CVE-2006-4343\n                   CVE-2006-4980\n- -------------------------------------------------------------------\n\n1. Summary:\n\nUpdated ESX Patches address several security issues. \n\n2. Relevant releases:\n\nVMware ESX 3.0.1 without patch ESX-9986131\nVMware ESX 3.0.0 without patch ESX-3069097\n\nVMware ESX 2.5.4 prior to upgrade patch 3\nVMware ESX 2.5.3 prior to upgrade patch 6\nVMware ESX 2.1.3 prior to upgrade patch 4\nVMware ESX 2.0.2 prior to upgrade patch 4\n\n3. Problem description:\n\nProblems addressed by these patches:\n\na. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. The Common Vulnerabilities and Exposures project\n    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue. \n\nb. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,\n    CVE-2006-4339, and CVE-2006-4343 to these issues. \n\nc. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4\n    allows remote attackers to cause a denial of service (crash), and\n    possibly execute arbitrary code if GSSAPI authentication is enabled,\n    via unspecified vectors that lead to a double-free. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,\n    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues. \n\nd. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. \n\ne. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the name CVE-2006-4980 to this issue. \n\n4. Solution:\n\nPlease review the Patch notes for your version of ESX and verify the md5sum. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. Contact:\n\nhttp://www.vmware.com/security\n\nVMware Security Response Policy\nhttp://www.vmware.com/vmtn/technology/security/security_response.html\n\nE-mail:  security@vmware.com\n\nCopyright 2007 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE\nneFG0RikD74TCYeXKW6CBy4=\n=9/6k\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "59797"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          }
        ],
        "trust": 5.94
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "BID",
            "id": "22083",
            "trust": 3.7
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 2.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 2.9
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788",
            "trust": 1.1
          },
          {
            "db": "SECUNIA",
            "id": "30161",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22654",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22633",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22791",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4314",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4443",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29262",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "SA06-333A",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "TA07-017A",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "169663",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50543",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "59797",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "101257",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "59797"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "id": "VAR-200609-0823",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.28107159000000004
      },
      "last_update_date": "2026-03-05T22:12:20.082000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02174.html"
          },
          {
            "title": "openssl (V2.x)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1003"
          },
          {
            "title": "openssl (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
          },
          {
            "title": "secadv_20060928",
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "https://rhn.redhat.com/errata/RHSA-2006-0695.html"
          },
          {
            "title": "102711",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "title": "readme_iwss11_sol_patch7_b1182",
            "trust": 0.8,
            "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.com/security/2006/TLSA-2006-33.txt"
          },
          {
            "title": "TLSA-2007-52",
            "trust": 0.8,
            "url": "http://www.turbolinux.com/security/2007/TLSA-2007-52.txt"
          },
          {
            "title": "Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://otn.oracle.co.jp/security/070119_77/top.html"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2006-0695J.html"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.co.jp/security/2006/TLSA-2006-33j.txt"
          },
          {
            "title": "TLSA-2007-52",
            "trust": 0.8,
            "url": "http://www.turbolinux.co.jp/security/2007/TLSA-2007-52j.txt"
          },
          {
            "title": "vu386964-547300",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/vulnerabilities/vu386964-547300.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.1,
            "url": "http://www.kb.cert.org/vuls/id/547300"
          },
          {
            "trust": 1.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/20249"
          },
          {
            "trust": 1.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 1.2,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4256"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22654"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22633"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/470460/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9370"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4314"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4443"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29262"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30161"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
          },
          {
            "trust": 1.0,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026documentoid=498093\u0026renditionid=\u0026poid=8881"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22791"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.8,
            "url": "http://www.frsirt.com/english/advisories/2006/3820"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta07-017a/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta06-333a"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta07-017a"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3738"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130/"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta07-017a.html"
          },
          {
            "trust": 0.6,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.4,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.4,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.stonesoft.com/en/support/security_advisories/2909_2006.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "/archive/1/481217"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www116.nortelnetworks.com/pub/repository/clarify/document/2006/44/021420-01.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
          },
          {
            "trust": 0.3,
            "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/index.html"
          },
          {
            "trust": 0.3,
            "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
          },
          {
            "trust": 0.3,
            "url": "http://www.kb.cert.org/vuls/id/221788"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/457193"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/464470"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458657"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458036"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458006"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458037"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458005"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458041"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458038"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458475"
          },
          {
            "trust": 0.3,
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "trust": 0.3,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.2,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.2,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.2,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/mirror.html):"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/9986131"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/3069097"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5135"
          },
          {
            "trust": 0.1,
            "url": "http://security.freebsd.org/patches/sa-07:08/openssl.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3738"
          },
          {
            "trust": 0.1,
            "url": "http://security.freebsd.org/\u003e."
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5135"
          },
          {
            "trust": 0.1,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-07:08.openssl.asc"
          },
          {
            "trust": 0.1,
            "url": "http://security.freebsd.org/patches/sa-07:08/openssl.patch"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=119091888624735"
          },
          {
            "trust": 0.1,
            "url": "http://pgp.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "59797"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "ident": null
          },
          {
            "db": "BID",
            "id": "20249",
            "ident": null
          },
          {
            "db": "BID",
            "id": "22083",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169663",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "50543",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "59797",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "101257",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964",
            "ident": null
          },
          {
            "date": "2007-01-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#221788",
            "ident": null
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620",
            "ident": null
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300",
            "ident": null
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20249",
            "ident": null
          },
          {
            "date": "2007-01-16T00:00:00",
            "db": "BID",
            "id": "22083",
            "ident": null
          },
          {
            "date": "2006-09-28T12:12:12",
            "db": "PACKETSTORM",
            "id": "169663",
            "ident": null
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595",
            "ident": null
          },
          {
            "date": "2006-10-04T00:47:19",
            "db": "PACKETSTORM",
            "id": "50543",
            "ident": null
          },
          {
            "date": "2007-01-13T22:56:30",
            "db": "PACKETSTORM",
            "id": "53566",
            "ident": null
          },
          {
            "date": "2006-10-04T00:44:50",
            "db": "PACKETSTORM",
            "id": "50535",
            "ident": null
          },
          {
            "date": "2007-10-05T05:29:31",
            "db": "PACKETSTORM",
            "id": "59797",
            "ident": null
          },
          {
            "date": "2006-10-04T01:20:54",
            "db": "PACKETSTORM",
            "id": "50560",
            "ident": null
          },
          {
            "date": "2011-05-10T00:45:11",
            "db": "PACKETSTORM",
            "id": "101257",
            "ident": null
          },
          {
            "date": "2007-08-08T07:19:47",
            "db": "PACKETSTORM",
            "id": "58346",
            "ident": null
          },
          {
            "date": "2006-10-04T00:46:38",
            "db": "PACKETSTORM",
            "id": "50548",
            "ident": null
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000594",
            "ident": null
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-3738",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964",
            "ident": null
          },
          {
            "date": "2007-01-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#221788",
            "ident": null
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620",
            "ident": null
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300",
            "ident": null
          },
          {
            "date": "2011-05-09T19:52:00",
            "db": "BID",
            "id": "20249",
            "ident": null
          },
          {
            "date": "2008-05-20T23:05:00",
            "db": "BID",
            "id": "22083",
            "ident": null
          },
          {
            "date": "2008-12-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000594",
            "ident": null
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-3738",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "BID",
            "id": "22083"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "Boundary Condition Error",
        "sources": [
          {
            "db": "BID",
            "id": "20249"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-200110-0207

    Vulnerability from variot - Updated: 2026-03-04 20:59

    The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. OpenSSL Security Advisory [28th September 2006]

    New OpenSSL releases are now available to correct four security issues.

    ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)

    Vulnerability

    Dr. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory (CVE-2006-2937). (This issue did not affect OpenSSL versions prior to 0.9.7)

    1. Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack (CVE-2006-2940).

    Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

    Acknowledgements

    The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

    Acknowledgements

    The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

    SSLv2 Client Crash (CVE-2006-4343)

    Vulnerability

    A flaw in the SSLv2 client code was discovered.

    Acknowledgements

    The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

    Recommendations

    These vulnerabilities are resolved in the following versions of OpenSSL:

    • in the 0.9.7 branch, version 0.9.7l (or later);
    • in the 0.9.8 branch, version 0.9.8d (or later).

    OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

    o https://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/
    

    The distribution file names are:

    o openssl-0.9.8d.tar.gz
      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
    
    o openssl-0.9.7l.tar.gz
      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
    

    The checksums were calculated using the following commands:

    openssl md5 openssl-0.9*.tar.gz
    openssl sha1 openssl-0.9*.tar.gz
    

    After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


    Mandriva Linux Security Advisory MDKSA-2006:172-1 http://www.mandriva.com/security/


    Package : openssl Date : October 2, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0


    Problem Description:

    Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).

    Update:

    There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


                   VMware Security Advisory
    

    Advisory ID: VMSA-2007-0001 Synopsis: VMware ESX server security updates Issue date: 2007-01-08 Updated on: 2007-01-08 CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-4980


    1. Summary:

    Updated ESX Patches address several security issues.

    1. Relevant releases:

    VMware ESX 3.0.1 without patch ESX-9986131 VMware ESX 3.0.0 without patch ESX-3069097

    VMware ESX 2.5.4 prior to upgrade patch 3 VMware ESX 2.5.3 prior to upgrade patch 6 VMware ESX 2.1.3 prior to upgrade patch 4 VMware ESX 2.0.2 prior to upgrade patch 4

    1. Problem description:

    Problems addressed by these patches:

    a. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue.
    

    b. OpenSSL library vulnerabilities:

    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
    allows remote attackers to cause a denial of service (infinite
    loop and memory consumption) via malformed ASN.1 structures that
    trigger an improperly handled error condition.
    
    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
    and earlier versions allows attackers to cause a denial of service
    (CPU consumption) via parasitic public keys with large (1) "public
    exponent" or (2) "public modulus" values in X.509 certificates that
    require extra time to process when using RSA signature verification.
    
    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
    CVE-2006-4339, and CVE-2006-4343 to these issues.
    

    c. Updated OpenSSH package addresses the following possible security issues:

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems
    
    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).
    
    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.
    
    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.
    
    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
    SSH protocol, allows remote attackers to cause a denial of service
    (CPU consumption) via an SSH packet that contains duplicate blocks,
    which is not properly handled by the CRC compensation attack
    detector.
    
    NOTE: ESX by default disables version 1 SSH protocol.
    
    NOTE: ESX doesn't use GSSAPI by default.
    
    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.
    
    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.
    

    d. Object reuse problems with newly created virtual disk (.vmdk or .dsk) files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.
    
    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w.
    

    e. Buffer overflow in Python function repr():

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem
    
    A possible security issue with how the Python function repr()
    function handles UTF-32/UCS-4 strings.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the name CVE-2006-4980 to this issue.
    
    1. Solution:

    Please review the Patch notes for your version of ESX and verify the md5sum.

    ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

    ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

    ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

    ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

    ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

    ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

    1. References:

    ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

    ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

    ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

    ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

    ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

    ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

    1. Contact:

    http://www.vmware.com/security

    VMware Security Response Policy http://www.vmware.com/vmtn/technology/security/security_response.html

    E-mail: security@vmware.com

    Copyright 2007 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE neFG0RikD74TCYeXKW6CBy4= =9/6k -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c01118771 Version: 1

    HPSBMA02250 SSRT061275 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS)

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-08-01 Last Updated: 2007-08-01

    Potential Security Impact: Remote execution of arbitrary code and Denial of Service (DoS)

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified HP System Management Homepage (SMH) for Linux and Windows.

    References: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-4339, CVE-2006-4343

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

    BACKGROUND

    RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. A more recent version is available: System Management Homepage (SMH) version 2.1.8

    HP System Management Homepage for Linux (x86) version 2.1.8-177 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26864.html

    HP System Management Homepage for Linux (AMD64/EM64T) version 2.1.8-177 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26866.html

    HP System Management Homepage for Windows version 2.1.8-179 can be downloaded from http://h18023.www1.hp.com/support/files/server/us/download/26977.html

    PRODUCT SPECIFIC INFORMATION

    HISTORY: Version:1 (rev.1) - 1 August 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openssl",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "red hat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "5.04"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "_id": null,
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "_id": null,
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "_id": null,
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar410v2"
          },
          {
            "_id": null,
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar450s"
          },
          {
            "_id": null,
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar550s"
          },
          {
            "_id": null,
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar570s"
          },
          {
            "_id": null,
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar740"
          },
          {
            "_id": null,
            "model": "e-business suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "11.5.10cu2"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "9.2.0.8"
          },
          {
            "_id": null,
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0 (x86-64)"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (sparc)"
          },
          {
            "_id": null,
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (x86)"
          },
          {
            "_id": null,
            "model": "turbolinux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10_f"
          },
          {
            "_id": null,
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (hosting)"
          },
          {
            "_id": null,
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (workgroup)"
          },
          {
            "_id": null,
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "turbolinux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "_id": null,
            "model": "turbolinux fuji",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "_id": null,
            "model": "turbolinux multimedia",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "_id": null,
            "model": "turbolinux personal",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "_id": null,
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "_id": null,
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10 (x64)"
          },
          {
            "_id": null,
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "7"
          },
          {
            "_id": null,
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "8"
          },
          {
            "_id": null,
            "model": "home",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "_id": null,
            "model": "trendmicro interscan web security suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "1.1 solaris edition"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "_id": null,
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.23"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (as)"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (es)"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (ws)"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (as)"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (es)"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (ws)"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (as)"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (es)"
          },
          {
            "_id": null,
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (ws)"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux advanced workstation",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "fitelnet-f series",
            "scope": null,
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": null
          },
          {
            "_id": null,
            "model": "mucho series",
            "scope": null,
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": null
          },
          {
            "_id": null,
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "_id": null,
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "_id": null,
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "_id": null,
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "_id": null,
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "_id": null,
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "_id": null,
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "secure acs solution engine",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "_id": null,
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "_id": null,
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.10"
          },
          {
            "_id": null,
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "_id": null,
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.9"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "_id": null,
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "_id": null,
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "_id": null,
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "_id": null,
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3"
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "_id": null,
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "_id": null,
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "ons",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "_id": null,
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "x8610.0"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "_id": null,
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "_id": null,
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.1"
          },
          {
            "_id": null,
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "_id": null,
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "_id": null,
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "_id": null,
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "_id": null,
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "_id": null,
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "_id": null,
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "_id": null,
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "_id": null,
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.3"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.0"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "_id": null,
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.3"
          },
          {
            "_id": null,
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "_id": null,
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "_id": null,
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "_id": null,
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "_id": null,
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "_id": null,
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "_id": null,
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "_id": null,
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "_id": null,
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "_id": null,
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "_id": null,
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "_id": null,
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "_id": null,
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "_id": null,
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1.1"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "_id": null,
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "_id": null,
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "_id": null,
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "_id": null,
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "solaris 10 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "_id": null,
            "model": "linux openexchange server",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "_id": null,
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "_id": null,
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "_id": null,
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.42"
          },
          {
            "_id": null,
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "_id": null,
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3(3.33)"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "_id": null,
            "model": "secure acs for windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "_id": null,
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "_id": null,
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.2"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "_id": null,
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "_id": null,
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.50.3.45"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "_id": null,
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "_id": null,
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "_id": null,
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "40003.1.59.24"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "_id": null,
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "_id": null,
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "_id": null,
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "_id": null,
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "20003.1.59.24"
          },
          {
            "_id": null,
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "_id": null,
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "_id": null,
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "_id": null,
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "_id": null,
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ciscosecure acs appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1111"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "_id": null,
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "_id": null,
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "_id": null,
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "_id": null,
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.4"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.2"
          },
          {
            "_id": null,
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "_id": null,
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "_id": null,
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "_id": null,
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "_id": null,
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "_id": null,
            "model": "mds 9216i",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.1"
          },
          {
            "_id": null,
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "_id": null,
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "_id": null,
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "_id": null,
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "_id": null,
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "_id": null,
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "_id": null,
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "_id": null,
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "_id": null,
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "_id": null,
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "_id": null,
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90002.0(0.86)"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "_id": null,
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8.10.2.65"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4"
          },
          {
            "_id": null,
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "_id": null,
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "_id": null,
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.5.1"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.6.1"
          },
          {
            "_id": null,
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "_id": null,
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "_id": null,
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "_id": null,
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.2"
          },
          {
            "_id": null,
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "_id": null,
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "_id": null,
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "_id": null,
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "_id": null,
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "_id": null,
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "_id": null,
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "_id": null,
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "_id": null,
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "_id": null,
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "_id": null,
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "_id": null,
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "_id": null,
            "model": "hat enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "_id": null,
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "_id": null,
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "_id": null,
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "_id": null,
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "_id": null,
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "_id": null,
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "_id": null,
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "_id": null,
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "_id": null,
            "model": "ciscosecure acs for windows and unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "_id": null,
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "_id": null,
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "_id": null,
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "_id": null,
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "_id": null,
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "_id": null,
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "_id": null,
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "_id": null,
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "_id": null,
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "_id": null,
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "_id": null,
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "_id": null,
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "_id": null,
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "_id": null,
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "_id": null,
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "9000"
          },
          {
            "_id": null,
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "_id": null,
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "_id": null,
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "_id": null,
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "_id": null,
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "_id": null,
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "_id": null,
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "_id": null,
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "_id": null,
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "_id": null,
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "_id": null,
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "_id": null,
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "_id": null,
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "_id": null,
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "_id": null,
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "_id": null,
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "_id": null,
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "_id": null,
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "_id": null,
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "_id": null,
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "_id": null,
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "_id": null,
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:openssl:openssl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:allied_telesis_k.k.:centrecom",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:e-business_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:http_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_personal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_home",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:furukawa_electric:fitelnet-f",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:furukawa_electric:mucho",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-4343",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2006-4343",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-4343",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-4343",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-534",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. OpenSSL Security Advisory [28th September 2006]\n\nNew OpenSSL releases are now available to correct four security\nissues. \n\n\nASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)\n==============================================================\n\nVulnerability\n-------------\n\nDr. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  This can result in an infinite loop which\nconsumes system memory (CVE-2006-2937).  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. This could be used by an attacker in a denial of\nservice attack (CVE-2006-2940). \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory                       MDKSA-2006:172-1\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : openssl\n Date    : October 2, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,\n           Multi Network Firewall 2.0\n _______________________________________________________________________\n \n Problem Description:\n \n Dr S N Henson of the OpenSSL core team and Open Network Security\n recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2007-0001\nSynopsis:          VMware ESX server security updates\nIssue date:        2007-01-08\nUpdated on:        2007-01-08\nCVE:               CVE-2006-3589 CVE-2006-2937 CVE-2006-2940\n                   CVE-2006-3738 CVE-2006-4339 CVE-2006-4343\n                   CVE-2006-4980\n- -------------------------------------------------------------------\n\n1. Summary:\n\nUpdated ESX Patches address several security issues. \n\n2. Relevant releases:\n\nVMware ESX 3.0.1 without patch ESX-9986131\nVMware ESX 3.0.0 without patch ESX-3069097\n\nVMware ESX 2.5.4 prior to upgrade patch 3\nVMware ESX 2.5.3 prior to upgrade patch 6\nVMware ESX 2.1.3 prior to upgrade patch 4\nVMware ESX 2.0.2 prior to upgrade patch 4\n\n3. Problem description:\n\nProblems addressed by these patches:\n\na. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. The Common Vulnerabilities and Exposures project\n    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue. \n\nb. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,\n    CVE-2006-4339, and CVE-2006-4343 to these issues. \n\nc. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,\n    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues. \n\nd. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. \n\ne. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the name CVE-2006-4980 to this issue. \n\n4. Solution:\n\nPlease review the Patch notes for your version of ESX and verify the md5sum. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. Contact:\n\nhttp://www.vmware.com/security\n\nVMware Security Response Policy\nhttp://www.vmware.com/vmtn/technology/security/security_response.html\n\nE-mail:  security@vmware.com\n\nCopyright 2007 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE\nneFG0RikD74TCYeXKW6CBy4=\n=9/6k\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01118771\nVersion: 1\n\nHPSBMA02250 SSRT061275 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Execution of Arbitrary Code and Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-08-01\nLast Updated: 2007-08-01\n\n\nPotential Security Impact: Remote execution of arbitrary code and Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified HP System Management Homepage (SMH) for Linux and Windows. \n\nReferences: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-4339, CVE-2006-4343\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \nA more recent version is available: System Management Homepage (SMH) version 2.1.8 \n\nHP System Management Homepage for Linux (x86) version 2.1.8-177 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26864.html \n\nHP System Management Homepage for Linux (AMD64/EM64T) version 2.1.8-177 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26866.html \n\nHP System Management Homepage for Windows version 2.1.8-179 can be downloaded from \nhttp://h18023.www1.hp.com/support/files/server/us/download/26977.html \n\nPRODUCT SPECIFIC INFORMATION \n\nHISTORY: \nVersion:1 (rev.1) - 1 August 2007 Initial Release \n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux \nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          }
        ],
        "trust": 4.59
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "BID",
            "id": "22083",
            "trust": 3.4
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 2.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 2.9
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1973",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4443",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25420",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22791",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "EXPLOIT-DB",
            "id": "4773",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29263",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "SA06-333A",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "169663",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50543",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "id": "VAR-200110-0207",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.24822762333333337
      },
      "last_update_date": "2026-03-04T20:59:34.450000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Oracle Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02174.html"
          },
          {
            "title": "openssl (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
          },
          {
            "title": "openssl (V2.x)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1003"
          },
          {
            "title": "secadv_20060928",
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "https://rhn.redhat.com/errata/RHSA-2006-0695.html"
          },
          {
            "title": "102711",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "title": "readme_iwss11_sol_patch7_b1182",
            "trust": 0.8,
            "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.com/security/2006/TLSA-2006-33.txt"
          },
          {
            "title": "Oracle Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://otn.oracle.co.jp/security/070119_77/top.html"
          },
          {
            "title": "X.509\u8a3c\u660e\u66f8\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20071108.html"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2006-0695J.html"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.co.jp/security/2006/TLSA-2006-33j.txt"
          },
          {
            "title": "729618/NISCC/PARASITIC-KEYS",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/vulnerabilities/niscc729618.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-DesignError",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.7,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.6,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 2.1,
            "url": "http://www.kb.cert.org/vuls/id/386964"
          },
          {
            "trust": 1.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 1.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 1.1,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10207"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4356"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1973"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25420"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "trust": 1.0,
            "url": "https://www.exploit-db.com/exploits/4773"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4443"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29263"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22791"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
          },
          {
            "trust": 0.8,
            "url": "http://www.frsirt.com/english/advisories/2006/3820"
          },
          {
            "trust": 0.8,
            "url": "http://www.jpcert.or.jp/wr/2004/wr044501.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/niscc/niscc-729618/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta06-333a"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4343"
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130/"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.3,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.3,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.3,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/mirror.html):"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/9986131"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/3069097"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
          },
          {
            "trust": 0.1,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.1,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "ident": null
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "ident": null
          },
          {
            "db": "BID",
            "id": "20246",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "169663",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "50543",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964",
            "ident": null
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620",
            "ident": null
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300",
            "ident": null
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20246",
            "ident": null
          },
          {
            "date": "2006-09-28T12:12:12",
            "db": "PACKETSTORM",
            "id": "169663",
            "ident": null
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595",
            "ident": null
          },
          {
            "date": "2006-10-04T00:47:19",
            "db": "PACKETSTORM",
            "id": "50543",
            "ident": null
          },
          {
            "date": "2007-01-13T22:56:30",
            "db": "PACKETSTORM",
            "id": "53566",
            "ident": null
          },
          {
            "date": "2007-08-08T07:19:47",
            "db": "PACKETSTORM",
            "id": "58346",
            "ident": null
          },
          {
            "date": "2006-10-04T00:46:38",
            "db": "PACKETSTORM",
            "id": "50548",
            "ident": null
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-534",
            "ident": null
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000595",
            "ident": null
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-4343",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964",
            "ident": null
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620",
            "ident": null
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300",
            "ident": null
          },
          {
            "date": "2015-03-19T09:25:00",
            "db": "BID",
            "id": "20246",
            "ident": null
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-534",
            "ident": null
          },
          {
            "date": "2008-12-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000595",
            "ident": null
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-4343",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "design error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200609-0998

    Vulnerability from variot - Updated: 2026-03-04 19:54

    OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. Some applications that perform X.509 certificate verification may be vulnerable to signature processing problems that lead to resource exhaustion. This vulnerability may cause a denial of service. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

    BACKGROUND

    RESOLUTION

    HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

    The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

    HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

    HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

    HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

    HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

    HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

    HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

    Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

    PRODUCT SPECIFIC INFORMATION

    The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

    Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

    Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

    The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. rPath Security Advisory: 2006-0175-1 Published: 2006-09-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ASN.1 Denial of Service Attack (1/2)

     During the parsing of certain invalid ASN.1 structures an error
     condition is mishandled. This can result in an infinite loop which
     consumes system memory. The Common Vulnerabilities and Exposures
     (CVE) project assigned the id CVE-2006-2937 [2] to the problem.
    
    1. ASN.1 Denial of Service Attack (2/2)

      Certain types of public key can take disproportionate amounts of time to process. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-2940 [3] to the problem.

    2. SSL_get_shared_ciphers() Buffer Overflow

      A buffer overflow was discovered in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-3780 [4] to the problem.

    3. SSLv2 Client Crash

      A flaw in the SSLv2 client code was discovered. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-4343 [5] to the problem.


    References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

    References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

    -----BEGIN PGP SIGNATURE----- Version: PGP 8.1

    iQA/AwUBRbc7fOAfOvwtKn1ZEQJs6ACg9AMS2ZtEgsaZh7T9e8Q0OgyfmEQAni1I otH/juFiPayhwdxQwX1pZwdm =e4BA -----END PGP SIGNATURE----- . HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has made the following software updates available to resolve these vulnerabilities.

    Kit Name Location

    HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline


    Gentoo Linux Security Advisory GLSA 200610-11


                                            http://security.gentoo.org/
    

    Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11


    Synopsis

    OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

    Background

    OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N.

    Workaround

    There is no known workaround at this time.

    Resolution

    All OpenSSL 0.9.8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
    

    All OpenSSL 0.9.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
    

    References

    [ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200610-11.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

    License

    Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. (CVE-2006-4343)

    Updated packages are patched to address these issues.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

    Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

    Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

    Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

    Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0998",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 4.0,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.1c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.3a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.5a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.2b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6l"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6m"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6d"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.2.6-p1"
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.3.2-p1"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar410v2"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar450s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar550s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar570s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar740"
          },
          {
            "model": "e-business suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "11.5.10cu2"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "9.2.0.8"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.1"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0 (x86-64)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (x86)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (x86)"
          },
          {
            "model": "turbolinux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10_f"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (hosting)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (workgroup)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "2.0"
          },
          {
            "model": "turbolinux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux fuji",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux multimedia",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux personal",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10 (x64)"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "7"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "8"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "trendmicro interscan web security suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "1.1 solaris edition"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.23"
          },
          {
            "model": "ridoc document router",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "pro v2"
          },
          {
            "model": "ridoc document router",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v3"
          },
          {
            "model": "ridoc document router",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v4"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "ep v1"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "ep v2"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v1 type h"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v2 type h"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v3"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v3 ad"
          },
          {
            "model": "ridoc document system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "image log options  v1"
          },
          {
            "model": "ridoc io operationserver",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "pro"
          },
          {
            "model": "ridoc io operationserver",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "device operation management utility"
          },
          {
            "model": "ridoc print linkage",
            "scope": null,
            "trust": 0.8,
            "vendor": "ricoh",
            "version": null
          },
          {
            "model": "ridoc web navigator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v2"
          },
          {
            "model": "ridoc web navigator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v3"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (ws)"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3.0"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4.0"
          },
          {
            "model": "linux advanced workstation",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1"
          },
          {
            "model": "fitelnet-f series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": "fitelnet-f3000"
          },
          {
            "model": "fitelnet-f series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": "fitelnet-f40"
          },
          {
            "model": "fitelnet-f series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": "fitelnet-f80/f100/f120/f1000"
          },
          {
            "model": "mucho series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": "mucho-ev/pk"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/32"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "secure access control server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "bind a5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/2"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "karagulle cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.9"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "karagulle cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.10"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "bind a4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/31"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "operating system enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "igateway vpn/ssl-vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intoto",
            "version": "0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "amc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/6"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0.1"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.1"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "amc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/5"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "reflection for secure it sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "bind a3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "reflection for secure it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.1"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "bind b3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "red hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ons",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.5"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.2"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/2"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.1"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/4"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "bind b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.4"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/5"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "bind b2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "bind a6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "intrusion detection system 4.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ssl360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/3"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.48"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.47"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.22"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i standard edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i personal edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i enterprise edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle8i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7.4"
          },
          {
            "model": "oracle8i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7.4.0"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4.2"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.5"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.4.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.0.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.2.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.1.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.1"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.1"
          },
          {
            "model": "identity management 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4.0.1"
          },
          {
            "model": "9i application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0.2.2"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.5"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3"
          },
          {
            "model": "e-business suite 11i cu2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.10"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.10"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.9"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.8"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.7"
          },
          {
            "model": "e-business suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0"
          },
          {
            "model": "developer suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.2"
          },
          {
            "model": "developer suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.3"
          },
          {
            "model": "developer suite 6i",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.2"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.1"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.0"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "29.0.2.3"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.3"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.2"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.1"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4"
          },
          {
            "model": "oracle for openview for linux ltu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1.1"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.1.7"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.2"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.11"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.11"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.10"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:isc:bind",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:openssl:openssl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:allied_telesis_k.k.:centrecom",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:e-business_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:http_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_personal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_home",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_document_router",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_document_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_document_system",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_io_operationserver",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_print_linkage",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_web_navigator",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:furukawa_electric:fitelnet-f",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:furukawa_electric:mucho",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-2940",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-2940",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-2940",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#423396",
                "trust": 0.8,
                "value": "7.92"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#221788",
                "trust": 0.8,
                "value": "4.20"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-2940",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-533",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification. Some applications that perform X.509 certificate verification may be vulnerable to signature processing problems that lead to resource exhaustion.  This vulnerability may cause a denial of service. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. rPath Security Advisory: 2006-0175-1\nPublished: 2006-09-28\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ASN.1 Denial of Service Attack (1/2)\n\n     During the parsing of certain invalid ASN.1 structures an error\n     condition is mishandled. This can result in an infinite loop which\n     consumes system memory. The Common Vulnerabilities and Exposures\n     (CVE) project assigned the id CVE-2006-2937 [2] to the problem. \n\n  2. ASN.1 Denial of Service Attack (2/2)\n\n     Certain types of public key can take disproportionate amounts of\n     time to process. The Common Vulnerabilities and Exposures (CVE)\n     project assigned the id CVE-2006-2940 [3] to the problem. \n\n  3. SSL_get_shared_ciphers() Buffer Overflow\n\n     A buffer overflow was discovered in the SSL_get_shared_ciphers()\n     utility function. An attacker could send a list of ciphers to an\n     application that uses this function and overrun a buffer. The\n     Common Vulnerabilities and Exposures (CVE) project assigned the id\n     CVE-2006-3780 [4] to the problem. \n\n  4. SSLv2 Client Crash\n \n     A flaw in the SSLv2 client code was discovered. The\n     Common Vulnerabilities and Exposures (CVE) project assigned the id\n     CVE-2006-4343 [5] to the problem. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nReferences: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRbc7fOAfOvwtKn1ZEQJs6ACg9AMS2ZtEgsaZh7T9e8Q0OgyfmEQAni1I\notH/juFiPayhwdxQwX1pZwdm\n=e4BA\n-----END PGP SIGNATURE-----\n. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          },
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          }
        ],
        "trust": 6.39
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "22083",
            "trust": 4.5
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940",
            "trust": 4.5
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "20247",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "23351",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#423396",
            "trust": 1.6
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788",
            "trust": 1.1
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4019",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4327",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-2396",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4329",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4980",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31531",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22671",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26893",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29261",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "SA06-333A",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "TA07-017A",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "56053",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "101257",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "51324",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "id": "VAR-200609-0998",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.251886895
      },
      "last_update_date": "2026-03-04T19:54:50.365000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "title": "RSA \u516c\u958b\u9375\u306b\u3088\u308b\u8106\u5f31\u6027\uff08Parasitic Public Key\uff09\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.furukawa.co.jp/fitelnet/topic/x509b_attacks.html"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02174.html"
          },
          {
            "title": "BIND 9: OpenSSL Vulnerabilities",
            "trust": 0.8,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445"
          },
          {
            "title": "openssl (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
          },
          {
            "title": "openssl096b (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=460"
          },
          {
            "title": "openssl (V2.x)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1003"
          },
          {
            "title": "secadv_20060928",
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "https://rhn.redhat.com/errata/RHSA-2006-0695.html"
          },
          {
            "title": "102759",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
          },
          {
            "title": "102747",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "title": "readme_iwss11_sol_patch7_b1182",
            "trust": 0.8,
            "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.com/security/2006/TLSA-2006-33.txt"
          },
          {
            "title": "Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://otn.oracle.co.jp/security/070119_77/top.html"
          },
          {
            "title": "X.509\u8a3c\u660e\u66f8\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20071108.html"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2006-0695J.html"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.co.jp/security/2006/TLSA-2006-33j.txt"
          },
          {
            "title": "NISCC-729618",
            "trust": 0.8,
            "url": "http://www.ricoh.co.jp/ridoc_ds/rds/download/Ridoc_DoS.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.2,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 3.5,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.6,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 1.9,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/20247"
          },
          {
            "trust": 1.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.1,
            "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
          },
          {
            "trust": 1.1,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "https://issues.rpath.com/browse/rpl-1633"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 1.0,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10311"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26893"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29261"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-2531"
          },
          {
            "trust": 0.8,
            "url": "http://www.hornik.sk/sa/sa-20040802.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.gnu.org/software/gnutls/"
          },
          {
            "trust": 0.8,
            "url": "http://www.securitytracker.com/alerts/2004/aug/1010838.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.niscc.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23351/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
          },
          {
            "trust": 0.8,
            "url": "http://www.frsirt.com/english/advisories/2006/3820"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/niscc/niscc-729618/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta07-017a/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta07-017a"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta06-333a"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2940"
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130/"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta07-017a.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/423396"
          },
          {
            "trust": 0.6,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.3,
            "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
          },
          {
            "trust": 0.3,
            "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
          },
          {
            "trust": 0.3,
            "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/index.html"
          },
          {
            "trust": 0.3,
            "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
          },
          {
            "trust": 0.3,
            "url": "http://www.kb.cert.org/vuls/id/221788"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/457193"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/464470"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458657"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458036"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458006"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458037"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458005"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458041"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458038"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458475"
          },
          {
            "trust": 0.3,
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.3,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
          },
          {
            "trust": 0.1,
            "url": "http://h30097.www3.hp.com/cma/patches.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://pgp.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
          },
          {
            "trust": 0.1,
            "url": "http://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-01-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20247"
          },
          {
            "date": "2007-01-16T00:00:00",
            "db": "BID",
            "id": "22083"
          },
          {
            "date": "2007-04-19T00:58:08",
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "date": "2006-10-04T00:44:50",
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "date": "2006-10-04T01:20:54",
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "date": "2011-05-10T00:45:11",
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "date": "2006-10-25T21:37:36",
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "date": "2006-10-04T00:46:38",
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-02-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-01-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2011-05-09T19:53:00",
            "db": "BID",
            "id": "20247"
          },
          {
            "date": "2008-05-20T23:05:00",
            "db": "BID",
            "id": "22083"
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "date": "2008-12-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          }
        ],
        "trust": 0.8
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "X.509 certificate verification may be vulnerable to resource exhaustion",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200110-0349

    Vulnerability from variot - Updated: 2026-03-03 20:35

    OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. Some applications that perform X.509 certificate verification may be vulnerable to signature processing problems that lead to resource exhaustion. This vulnerability may cause a denial of service. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. Certain types of public key can take disproportionate amounts of time to process.

    Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

    Acknowledgements

    The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

    SSLv2 Client Crash (CVE-2006-4343)

    Vulnerability

    A flaw in the SSLv2 client code was discovered.

    Recommendations

    These vulnerabilities are resolved in the following versions of OpenSSL:

    • in the 0.9.7 branch, version 0.9.7l (or later);
    • in the 0.9.8 branch, version 0.9.8d (or later).

    OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

    o https://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/
    

    The distribution file names are:

    o openssl-0.9.8d.tar.gz
      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
    
    o openssl-0.9.7l.tar.gz
      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
    

    The checksums were calculated using the following commands:

    openssl md5 openssl-0.9*.tar.gz
    openssl sha1 openssl-0.9*.tar.gz
    

    After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL.

    References

    URL for this Security Advisory: https://www.openssl.org/news/secadv_20060928.txt . rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it. (CVE-2006-4343)

    Updated packages are patched to address these issues.

    Update:

    There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


    ~ VMware Security Advisory

    Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340


    1. Summary:

    ~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

    1. Relevant releases:

    ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

    1. Problem description:

    ~ a. Host to guest shared folder (HGFS) traversal vulnerability

    ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

    NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

    ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ b. Insecure named pipes

    ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

    ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

    ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

    ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ d. Updated OpenSSL library to address various security vulnerabilities

    ~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ e. VIX API default setting changed to a more secure default value

    ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

    ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

    ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

    ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

    ~ g.

    ~ VMware would like to thank Martin O'Neal for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

    ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

    ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

    ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

    ~ VMware would like to thank Sun Bing for reporting the issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

    ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

    ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface.

    ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    1. Solution:

    Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

    ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

    ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

    ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

    ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

    ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

    1. References:

    ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340


    1. Contact:

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

    E-mail: security@vmware.com

    Security web site http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2008 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

    BACKGROUND

    RESOLUTION

    HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

    The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

    HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

    HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

    HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

    HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

    HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

    HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

    Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

    PRODUCT SPECIFIC INFORMATION

    The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

    Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

    Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

    The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.


    References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has made the following software updates available to resolve these vulnerabilities.

    Kit Name Location

    HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline


    Gentoo Linux Security Advisory GLSA 200610-11


                                            http://security.gentoo.org/
    

    Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11


    Synopsis

    OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

    Background

    OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

    Workaround

    There is no known workaround at this time.

    Resolution

    All OpenSSL 0.9.8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
    

    All OpenSSL 0.9.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
    

    References

    [ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200610-11.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

    License

    Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0349",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.1c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.3a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.5a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.2b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6l"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6m"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6d"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/32"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "secure access control server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "bind a5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/2"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "karagulle cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.9"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "karagulle cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.10"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "bind a4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/31"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "operating system enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "igateway vpn/ssl-vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intoto",
            "version": "0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "amc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/6"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0.1"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.1"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "amc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/5"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "reflection for secure it sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "bind a3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "reflection for secure it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.1"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "bind b3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "red hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ons",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.5"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.2"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/2"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.1"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/4"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "bind b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.4"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/5"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "bind b2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "bind a6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "intrusion detection system 4.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ssl360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/3"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-2940",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-2940",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-2940",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#423396",
                "trust": 0.8,
                "value": "7.92"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-533",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification. Some applications that perform X.509 certificate verification may be vulnerable to signature processing problems that lead to resource exhaustion.  This vulnerability may cause a denial of service. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20060928.txt\n. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          },
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          }
        ],
        "trust": 4.86
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "22083",
            "trust": 4.2
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940",
            "trust": 3.6
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23351",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "20247",
            "trust": 1.3
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4019",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4327",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-2396",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4329",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4980",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31531",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22671",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26893",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29261",
            "trust": 1.0
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.0
          },
          {
            "db": "CERT/CC",
            "id": "VU#423396",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "169663",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50543",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "56053",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "101257",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "51324",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "id": "VAR-200110-0349",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.251886895
      },
      "last_update_date": "2026-03-03T20:35:26.896000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.2,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 3.6,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.6,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 1.1,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.1,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "https://issues.rpath.com/browse/rpl-1633"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/20247"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 1.0,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10311"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26893"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29261"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-2531"
          },
          {
            "trust": 0.8,
            "url": "http://www.hornik.sk/sa/sa-20040802.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.gnu.org/software/gnutls/"
          },
          {
            "trust": 0.8,
            "url": "http://www.securitytracker.com/alerts/2004/aug/1010838.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.niscc.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23351/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.3,
            "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
          },
          {
            "trust": 0.3,
            "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.2,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.2,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/mirror.html):"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ace/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/ws5.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/fusion/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
          },
          {
            "trust": 0.1,
            "url": "http://h30097.www3.hp.com/cma/patches.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
          },
          {
            "trust": 0.1,
            "url": "http://pgp.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
          },
          {
            "trust": 0.1,
            "url": "http://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20247"
          },
          {
            "date": "2006-09-28T12:12:12",
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "date": "2006-10-04T00:47:19",
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "date": "2008-03-19T02:18:56",
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "date": "2007-04-19T00:58:08",
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "date": "2006-10-04T01:20:54",
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "date": "2011-05-10T00:45:11",
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "date": "2006-10-25T21:37:36",
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-02-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2011-05-09T19:53:00",
            "db": "BID",
            "id": "20247"
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "X.509 certificate verification may be vulnerable to resource exhaustion",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200110-0446

    Vulnerability from variot - Updated: 2026-03-02 22:15

    OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files.
    
    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
    and earlier versions allows attackers to cause a denial of service
    (CPU consumption) via parasitic public keys with large (1) "public
    exponent" or (2) "public modulus" values in X.509 certificates that
    require extra time to process when using RSA signature verification.
    
    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems
    
    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).
    
    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.
    
    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.
    
    NOTE: ESX by default disables version 1 SSH protocol.
    
    NOTE: ESX doesn't use GSSAPI by default.
    
    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.
    
    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
    

    files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.
    
    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem
    
    A possible security issue with how the Python function repr()
    function handles UTF-32/UCS-4 strings.
    

    ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

    ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

    ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

    ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

    ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

    ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

    1. References:

    ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

    ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

    ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

    ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

    ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

    ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

    1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ~ VMware Security Advisory

    Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340


    1. Summary:

    ~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

    1. Relevant releases:

    ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

    1. Problem description:

    ~ a. Host to guest shared folder (HGFS) traversal vulnerability

    ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

    NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

    ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ b. Insecure named pipes

    ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

    ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

    ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

    ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ d. Updated OpenSSL library to address various security vulnerabilities

    ~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ e. VIX API default setting changed to a more secure default value

    ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

    ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

    ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

    ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

    ~ g. DHCP denial of service vulnerability

    ~ A potential denial of service issue affects DHCP service running ~ on the host.

    ~ VMware would like to thank Martin O'Neal for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

    ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

    ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

    ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

    ~ VMware would like to thank Sun Bing for reporting the issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

    ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

    ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

    ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    1. Solution:

    Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

    ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

    ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

    ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

    ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

    ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

    1. References:

    ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340


    1. Contact:

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

    E-mail: security@vmware.com

    Security web site http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2008 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

    BACKGROUND

    RESOLUTION

    HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

    The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

    HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

    HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

    HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

    HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

    HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

    HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

    Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

    PRODUCT SPECIFIC INFORMATION

    The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

    Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

    Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

    The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

    BACKGROUND

    RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline


    Gentoo Linux Security Advisory GLSA 200610-11


                                            http://security.gentoo.org/
    

    Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11


    Synopsis

    OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

    Background

    OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library.

    Affected packages

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
    

    1 dev-libs/openssl < 0.9.8d >= 0.9.8d *>= 0.9.7l

    Description

    Tavis Ormandy and Will Drewry, both of the Google Security Team, discovered that the SSL_get_shared_ciphers() function contains a buffer overflow vulnerability, and that the SSLv2 client code contains a flaw leading to a crash. Additionally Dr. Stephen N. Henson found that the ASN.1 handler contains two Denial of Service vulnerabilities: while parsing an invalid ASN.1 structure and while handling certain types of public key. Finally a malicious server could crash a SSLv2 client through the SSLv2 vulnerability.

    Workaround

    There is no known workaround at this time.

    Resolution

    All OpenSSL 0.9.8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
    

    All OpenSSL 0.9.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
    

    References

    [ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200610-11.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

    License

    Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0446",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.2.6-p1"
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.3.2-p1"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0 (x86-64)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (x86)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (x86)"
          },
          {
            "model": "turbolinux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10_f"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (hosting)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (workgroup)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "2.0"
          },
          {
            "model": "turbolinux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux fuji",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux multimedia",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10 (x64)"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "7"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "8"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "trendmicro interscan web security suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "1.1 solaris edition"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.23"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (ws)"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3.0"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4.0"
          },
          {
            "model": "linux advanced workstation",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1"
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/32"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.50"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "secure access control server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "bind a5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/2"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "karagulle cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.9"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "karagulle cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.10"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "bind a4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/31"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "operating system enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "amc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/6"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0.1"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.61"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.1"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "amc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/5"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "reflection for secure it sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "bind a3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "reflection for secure it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.1"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3)4.2"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "bind b3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.40"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "model": "red hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.5"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/2"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/4"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "bind b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.4"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/5"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.41"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "bind b2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "hat enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "bind a6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.42"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.400"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)4.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "ssl360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/3"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:isc:bind",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:openssl:openssl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_home",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-2937",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-2937",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-2937",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#247744",
                "trust": 0.8,
                "value": "0.28"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-2937",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-523",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package           /  Vulnerable  /                     Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl      \u003c 0.9.8d                          \u003e= 0.9.8d\n                                                            *\u003e= 0.9.7l\n\nDescription\n===========\n\nTavis Ormandy and Will Drewry, both of the Google Security Team,\ndiscovered that the SSL_get_shared_ciphers() function contains a buffer\noverflow vulnerability, and that the SSLv2 client code contains a flaw\nleading to a crash. Additionally Dr. Stephen N. Henson found that the\nASN.1 handler contains two Denial of Service vulnerabilities: while\nparsing an invalid ASN.1 structure and while handling certain types of\npublic key. Finally a\nmalicious server could crash a SSLv2 client through the SSLv2\nvulnerability. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          }
        ],
        "trust": 5.49
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-2937",
            "trust": 3.5
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 3.4
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744",
            "trust": 2.9
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "22083",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "20248",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22671",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23351",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23131",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4019",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4327",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-2396",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4329",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4761",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4980",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31531",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29260",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "SA06-333A",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "56053",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "51324",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "id": "VAR-200110-0446",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.251886895
      },
      "last_update_date": "2026-03-02T22:15:59.056000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02174.html"
          },
          {
            "title": "BIND 9: OpenSSL Vulnerabilities",
            "trust": 0.8,
            "url": "http://www.niscc.gov.uk/niscc/docs/br-20061103-00745.html"
          },
          {
            "title": "openssl (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
          },
          {
            "title": "secadv_20060928",
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "https://rhn.redhat.com/errata/RHSA-2006-0695.html"
          },
          {
            "title": "102747",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "title": "102759",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
          },
          {
            "title": "102747",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-3"
          },
          {
            "title": "readme_iwss11_sol_patch7_b1182",
            "trust": 0.8,
            "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.com/security/2006/TLSA-2006-33.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2006-0695J.html"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.co.jp/security/2006/TLSA-2006-33j.txt"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.6,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.1,
            "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
          },
          {
            "trust": 2.1,
            "url": "http://www.kb.cert.org/vuls/id/247744"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/20248"
          },
          {
            "trust": 1.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.2,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.1,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23131"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4761"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29260"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23131/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22544/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22385/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22671/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23155/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23340/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23351/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
          },
          {
            "trust": 0.8,
            "url": "http://www.frsirt.com/english/advisories/2006/3820"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta06-333a"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2937"
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130/"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
          },
          {
            "trust": 0.3,
            "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.3,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.3,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.2,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/9986131"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/3069097"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ace/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/ws5.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/fusion/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
          },
          {
            "trust": 0.1,
            "url": "http://h30097.www3.hp.com/cma/patches.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
          },
          {
            "trust": 0.1,
            "url": "http://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "date": "2007-01-13T22:56:30",
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "date": "2008-03-19T02:18:56",
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "date": "2007-04-19T00:58:08",
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "date": "2006-10-04T00:44:50",
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "date": "2007-08-08T07:19:47",
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "date": "2006-10-25T21:37:36",
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-02-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2015-03-19T08:40:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2008-12-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.8
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200609-0988

    Vulnerability from variot - Updated: 2026-03-02 20:12

    The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files. OpenSSL library vulnerabilities:
    
    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
    allows remote attackers to cause a denial of service (infinite
    loop and memory consumption) via malformed ASN.1 structures that
    trigger an improperly handled error condition.
    
    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
    and earlier versions allows attackers to cause a denial of service
    (CPU consumption) via parasitic public keys with large (1) "public
    exponent" or (2) "public modulus" values in X.509 certificates that
    require extra time to process when using RSA signature verification.
    
    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems
    
    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).
    
    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.
    
    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.
    
    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
    SSH protocol, allows remote attackers to cause a denial of service
    (CPU consumption) via an SSH packet that contains duplicate blocks,
    which is not properly handled by the CRC compensation attack
    detector.
    
    NOTE: ESX by default disables version 1 SSH protocol.
    
    NOTE: ESX doesn't use GSSAPI by default.
    
    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.
    
    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
    

    files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.
    
    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem
    
    A possible security issue with how the Python function repr()
    function handles UTF-32/UCS-4 strings.
    

    ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

    ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

    ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

    ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

    ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

    ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

    1. References:

    ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

    ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

    ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

    ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

    ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

    ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

    1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ~ VMware Security Advisory

    Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340


    1. Relevant releases:

    ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

    1. Problem description:

    ~ a. Host to guest shared folder (HGFS) traversal vulnerability

    ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

    NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

    ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ b. Insecure named pipes

    ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

    ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

    ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

    ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ d. Updated OpenSSL library to address various security vulnerabilities

    ~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ e. VIX API default setting changed to a more secure default value

    ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

    ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

    ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

    ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

    ~ g. DHCP denial of service vulnerability

    ~ A potential denial of service issue affects DHCP service running ~ on the host.

    ~ VMware would like to thank Martin O'Neal for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

    ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

    ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

    ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

    ~ VMware would like to thank Sun Bing for reporting the issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

    ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

    ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

    ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    1. Solution:

    Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

    ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

    ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

    ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

    ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

    ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

    1. References:

    ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340


    1. Contact:

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

    E-mail: security@vmware.com

    Security web site http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2008 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has made the following software updates available to resolve these vulnerabilities.

    Kit Name Location

    HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline


    Gentoo Linux Security Advisory GLSA 200610-11


                                            http://security.gentoo.org/
    

    Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11


    Synopsis

    OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

    Background

    OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N.

    Workaround

    There is no known workaround at this time.

    Resolution

    All OpenSSL 0.9.8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
    

    All OpenSSL 0.9.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
    

    References

    [ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200610-11.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

    License

    Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


    Mandriva Linux Security Advisory MDKSA-2006:172 http://www.mandriva.com/security/


    Package : openssl Date : September 28, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0


    Problem Description:

    Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).

    During the parsing of certain invalid ASN1 structures an error condition is mishandled. (CVE-2006-2937)

    Certain types of public key can take disproportionate amounts of time to process. (CVE-2006-2940)

    Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. (CVE-2006-3738)

    Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

    Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

    Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

    Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

    Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200609-0988",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "5.04"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "5.10"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "6.06"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar410v2"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar450s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar550s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar570s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar740"
          },
          {
            "model": "e-business suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "11.5.10cu2"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "9.2.0.8"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.1"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0 (x86-64)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (x86)"
          },
          {
            "model": "turbolinux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10_f"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (hosting)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (workgroup)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "2.0"
          },
          {
            "model": "turbolinux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux fuji",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux multimedia",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux personal",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10 (x64)"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "7"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "8"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "trendmicro interscan web security suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "1.1 solaris edition"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.23"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (ws)"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3.0"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4.0"
          },
          {
            "model": "linux advanced workstation",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1"
          },
          {
            "model": "fitelnet-f series",
            "scope": null,
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": null
          },
          {
            "model": "mucho series",
            "scope": null,
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": null
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "secure acs solution engine",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.10"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.9"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "ons",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "x8610.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.1"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "10.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.3"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.3"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "solaris 10 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "model": "linux openexchange server",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.42"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3(3.33)"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "secure acs for windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.50.3.45"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "40003.1.59.24"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "20003.1.59.24"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "ciscosecure acs appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1111"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.2"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "mds 9216i",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.1"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90002.0(0.86)"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4"
          },
          {
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8.10.2.65"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.5.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.6.1"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.2"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "hat enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "ciscosecure acs for windows and unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "9000"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.48"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.47"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.22"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i standard edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i personal edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i enterprise edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle8i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7.4"
          },
          {
            "model": "oracle8i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7.4.0"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4.2"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.5"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.4.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.0.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.2.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.1.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.1"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.1"
          },
          {
            "model": "identity management 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4.0.1"
          },
          {
            "model": "9i application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0.2.2"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.5"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3"
          },
          {
            "model": "e-business suite 11i cu2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.10"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.10"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.9"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.8"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.7"
          },
          {
            "model": "e-business suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0"
          },
          {
            "model": "developer suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.2"
          },
          {
            "model": "developer suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.3"
          },
          {
            "model": "developer suite 6i",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.2"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.1"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.0"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "29.0.2.3"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.3"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.2"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.1"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4"
          },
          {
            "model": "oracle for openview for linux ltu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1.1"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.1.7"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.2"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.11"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.11"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.10"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:openssl:openssl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:allied_telesis_k.k.:centrecom",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:e-business_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:http_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_personal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_home",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:furukawa_electric:fitelnet-f",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:furukawa_electric:mucho",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-4343",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2006-4343",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-4343",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#221788",
                "trust": 0.8,
                "value": "4.20"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-4343",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-534",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory                         MDKSA-2006:172\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : openssl\n Date    : September 28, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,\n           Multi Network Firewall 2.0\n _______________________________________________________________________\n \n Problem Description:\n \n Dr S N Henson of the OpenSSL core team and Open Network Security\n recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). \n\n During the parsing of certain invalid ASN1 structures an error\n condition is mishandled. (CVE-2006-2937)\n\n Certain types of public key can take disproportionate amounts of time\n to process. (CVE-2006-2940)\n\n Tavis Ormandy and Will Drewry of the Google Security Team discovered a\n buffer overflow in the SSL_get_shared_ciphers utility function, used by\n some applications such as exim and mysql.  An attacker could send a\n list of ciphers that would overrun a buffer. (CVE-2006-3738)\n\n Tavis Ormandy and Will Drewry of the Google Security Team discovered a\n possible DoS in the sslv2 client code. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          }
        ],
        "trust": 5.67
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "22083",
            "trust": 3.7
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343",
            "trust": 3.7
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 2.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 2.9
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788",
            "trust": 1.1
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1973",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4443",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25420",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22791",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "EXPLOIT-DB",
            "id": "4773",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29263",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "SA06-333A",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "101257",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "51324",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "id": "VAR-200609-0988",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.24822762333333337
      },
      "last_update_date": "2026-03-02T20:12:22.401000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Oracle Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02174.html"
          },
          {
            "title": "openssl (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
          },
          {
            "title": "openssl (V2.x)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1003"
          },
          {
            "title": "secadv_20060928",
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "https://rhn.redhat.com/errata/RHSA-2006-0695.html"
          },
          {
            "title": "102711",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "title": "readme_iwss11_sol_patch7_b1182",
            "trust": 0.8,
            "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.com/security/2006/TLSA-2006-33.txt"
          },
          {
            "title": "Oracle Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://otn.oracle.co.jp/security/070119_77/top.html"
          },
          {
            "title": "X.509\u8a3c\u660e\u66f8\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20071108.html"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2006-0695J.html"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.co.jp/security/2006/TLSA-2006-33j.txt"
          },
          {
            "title": "729618/NISCC/PARASITIC-KEYS",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/vulnerabilities/niscc729618.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-DesignError",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.6,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.6,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 2.1,
            "url": "http://www.kb.cert.org/vuls/id/386964"
          },
          {
            "trust": 1.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 1.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 1.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 1.1,
            "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
          },
          {
            "trust": 1.1,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.1,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10207"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4356"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1973"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25420"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "trust": 1.0,
            "url": "https://www.exploit-db.com/exploits/4773"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4443"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29263"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22791"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
          },
          {
            "trust": 0.8,
            "url": "http://www.frsirt.com/english/advisories/2006/3820"
          },
          {
            "trust": 0.8,
            "url": "http://www.jpcert.or.jp/wr/2004/wr044501.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/niscc/niscc-729618/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta06-333a"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4343"
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130/"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
          },
          {
            "trust": 0.6,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.3,
            "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
          },
          {
            "trust": 0.3,
            "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/index.html"
          },
          {
            "trust": 0.3,
            "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
          },
          {
            "trust": 0.3,
            "url": "http://www.kb.cert.org/vuls/id/221788"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/457193"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/464470"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458657"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458036"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458006"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458037"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458005"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458041"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458038"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458475"
          },
          {
            "trust": 0.3,
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.2,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.2,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.2,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.2,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.2,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/9986131"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/3069097"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ace/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/ws5.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/fusion/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
          },
          {
            "trust": 0.1,
            "url": "http://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-01-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20246"
          },
          {
            "date": "2007-01-16T00:00:00",
            "db": "BID",
            "id": "22083"
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "date": "2007-01-13T22:56:30",
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "date": "2008-03-19T02:18:56",
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "date": "2011-05-10T00:45:11",
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "date": "2006-10-25T21:37:36",
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "date": "2006-10-04T00:46:38",
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-01-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2015-03-19T09:25:00",
            "db": "BID",
            "id": "20246"
          },
          {
            "date": "2008-05-20T23:05:00",
            "db": "BID",
            "id": "22083"
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "date": "2008-12-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "BID",
            "id": "22083"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "design error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200110-0422

    Vulnerability from variot - Updated: 2025-12-22 20:52

    OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it.

    Update:

    There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files.
    
    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
    and earlier versions allows attackers to cause a denial of service
    (CPU consumption) via parasitic public keys with large (1) "public
    exponent" or (2) "public modulus" values in X.509 certificates that
    require extra time to process when using RSA signature verification.
    
    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems
    
    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).
    
    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.
    
    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.
    
    NOTE: ESX by default disables version 1 SSH protocol.
    
    NOTE: ESX doesn't use GSSAPI by default.
    
    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.
    
    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
    

    files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.
    
    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem
    
    A possible security issue with how the Python function repr()
    function handles UTF-32/UCS-4 strings.
    

    ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

    ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

    ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

    ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

    ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

    ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

    1. References:

    ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

    ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

    ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

    ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

    ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

    ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

    1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ~ VMware Security Advisory

    Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340


    1. Summary:

    ~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

    1. Relevant releases:

    ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

    1. Problem description:

    ~ a. Host to guest shared folder (HGFS) traversal vulnerability

    ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

    NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

    ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ b. Insecure named pipes

    ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

    ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

    ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

    ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ d. Updated OpenSSL library to address various security vulnerabilities

    ~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ e. VIX API default setting changed to a more secure default value

    ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

    ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

    ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

    ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

    ~ g. DHCP denial of service vulnerability

    ~ A potential denial of service issue affects DHCP service running ~ on the host.

    ~ VMware would like to thank Martin O'Neal for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

    ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

    ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

    ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

    ~ VMware would like to thank Sun Bing for reporting the issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

    ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

    ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

    ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    1. Solution:

    Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

    ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

    ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

    ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

    ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

    ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

    1. References:

    ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340


    1. Contact:

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

    E-mail: security@vmware.com

    Security web site http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2008 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

    BACKGROUND

    RESOLUTION

    HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

    The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

    HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

    HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

    HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

    HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

    HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

    HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

    Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

    PRODUCT SPECIFIC INFORMATION

    The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

    Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

    Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

    The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. ASN.1 Denial of Service Attack (2/2)

     Certain types of public key can take disproportionate amounts of
     time to process. SSL_get_shared_ciphers() Buffer Overflow
    
     A buffer overflow was discovered in the SSL_get_shared_ciphers()
     utility function. An attacker could send a list of ciphers to an
     application that uses this function and overrun a buffer. SSLv2 Client Crash
    
     A flaw in the SSLv2 client code was discovered.
    

    References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has made the following software updates available to resolve these vulnerabilities.

    Kit Name Location

    HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0422",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.2.6-p1"
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.3.2-p1"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0 (x86-64)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (x86)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (x86)"
          },
          {
            "model": "turbolinux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10_f"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (hosting)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (workgroup)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "2.0"
          },
          {
            "model": "turbolinux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux fuji",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux multimedia",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10 (x64)"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "7"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "8"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "trendmicro interscan web security suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "1.1 solaris edition"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.23"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (ws)"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3.0"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4.0"
          },
          {
            "model": "linux advanced workstation",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1"
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/32"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.50"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "secure access control server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "bind a5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/2"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "karagulle cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.9"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "karagulle cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.10"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "bind a4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/31"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "operating system enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "amc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/6"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0.1"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.61"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.1"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "amc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/5"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "reflection for secure it sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "bind a3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "reflection for secure it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.1"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3)4.2"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "bind b3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.40"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "model": "red hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.5"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/2"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/4"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "bind b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.4"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/5"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.41"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "bind b2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "hat enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "bind a6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.42"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.400"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)4.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "ssl360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/3"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:isc:bind",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:openssl:openssl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_home",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-2937",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-2937",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-2937",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#247744",
                "trust": 0.8,
                "value": "0.28"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-2937",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-523",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. ASN.1 Denial of Service Attack (2/2)\n\n     Certain types of public key can take disproportionate amounts of\n     time to process. SSL_get_shared_ciphers() Buffer Overflow\n\n     A buffer overflow was discovered in the SSL_get_shared_ciphers()\n     utility function. An attacker could send a list of ciphers to an\n     application that uses this function and overrun a buffer. SSLv2 Client Crash\n \n     A flaw in the SSLv2 client code was discovered. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          }
        ],
        "trust": 5.49
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-2937",
            "trust": 3.5
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 3.4
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744",
            "trust": 2.9
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "22083",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "20248",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22671",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23351",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23131",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4019",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4327",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-2396",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4329",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4761",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4980",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31531",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29260",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "SA06-333A",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50543",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "56053",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "101257",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "id": "VAR-200110-0422",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.251886895
      },
      "last_update_date": "2025-12-22T20:52:04.389000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02174.html"
          },
          {
            "title": "BIND 9: OpenSSL Vulnerabilities",
            "trust": 0.8,
            "url": "http://www.niscc.gov.uk/niscc/docs/br-20061103-00745.html"
          },
          {
            "title": "openssl (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
          },
          {
            "title": "secadv_20060928",
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "https://rhn.redhat.com/errata/RHSA-2006-0695.html"
          },
          {
            "title": "102747",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "title": "102759",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
          },
          {
            "title": "102747",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-3"
          },
          {
            "title": "readme_iwss11_sol_patch7_b1182",
            "trust": 0.8,
            "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.com/security/2006/TLSA-2006-33.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2006-0695J.html"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.co.jp/security/2006/TLSA-2006-33j.txt"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.6,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.1,
            "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
          },
          {
            "trust": 2.1,
            "url": "http://www.kb.cert.org/vuls/id/247744"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/20248"
          },
          {
            "trust": 1.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 1.1,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23131"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4761"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29260"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.9,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23131/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22544/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22385/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22671/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23155/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23340/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23351/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
          },
          {
            "trust": 0.8,
            "url": "http://www.frsirt.com/english/advisories/2006/3820"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta06-333a"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2937"
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130/"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
          },
          {
            "trust": 0.3,
            "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.3,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.2,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/9986131"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/3069097"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ace/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/ws5.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/fusion/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
          },
          {
            "trust": 0.1,
            "url": "http://h30097.www3.hp.com/cma/patches.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
          },
          {
            "trust": 0.1,
            "url": "http://pgp.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "date": "2006-10-04T00:47:19",
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "date": "2007-01-13T22:56:30",
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "date": "2008-03-19T02:18:56",
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "date": "2007-04-19T00:58:08",
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "date": "2006-10-04T01:20:54",
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "date": "2011-05-10T00:45:11",
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-02-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2015-03-19T08:40:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2008-12-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200609-1209

    Vulnerability from variot - Updated: 2025-12-21 22:00

    Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. OpenSSL Security Advisory [28th September 2006]

    New OpenSSL releases are now available to correct four security issues.

    ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)

    Vulnerability

    Dr. S. N. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory (CVE-2006-2937). (This issue did not affect OpenSSL versions prior to 0.9.7)

    1. Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack (CVE-2006-2940).

    Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

    Acknowledgements

    The OpenSSL team thank Dr S. N. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

    Acknowledgements

    The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

    SSLv2 Client Crash (CVE-2006-4343)

    Vulnerability

    A flaw in the SSLv2 client code was discovered.

    Acknowledgements

    The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

    Recommendations

    These vulnerabilities are resolved in the following versions of OpenSSL:

    • in the 0.9.7 branch, version 0.9.7l (or later);
    • in the 0.9.8 branch, version 0.9.8d (or later).

    OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

    o https://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/
    

    The distribution file names are:

    o openssl-0.9.8d.tar.gz
      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
    
    o openssl-0.9.7l.tar.gz
      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
    

    The checksums were calculated using the following commands:

    openssl md5 openssl-0.9*.tar.gz
    openssl sha1 openssl-0.9*.tar.gz
    

    After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL.

    References

    URL for this Security Advisory: https://www.openssl.org/news/secadv_20060928.txt .

    Affected packages

    -------------------------------------------------------------------
     Package           /   Vulnerable   /                   Unaffected
    -------------------------------------------------------------------
    

    1 dev-libs/openssl < 0.9.8e-r3 >= 0.9.8e-r3

    Description

    Moritz Jodeit reported an off-by-one error in the SSL_get_shared_ciphers() function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication. A local attacker could perform a side channel attack to retrieve the RSA private keys.

    Resolution

    All OpenSSL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8e-r3"
    

    References

    [ 1 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 2 ] CVE-2007-3108 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108 [ 3 ] CVE-2007-5135 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200710-06.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

    License

    Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. rPath Security Advisory: 2006-0175-1 Published: 2006-09-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Corrected: 2007-10-03 21:39:43 UTC (RELENG_6, 6.2-STABLE) 2007-10-03 21:40:35 UTC (RELENG_6_2, 6.2-RELEASE-p8) 2007-10-03 21:41:22 UTC (RELENG_6_1, 6.1-RELEASE-p20) 2007-10-03 21:42:00 UTC (RELENG_5, 5.5-STABLE) 2007-10-03 21:42:32 UTC (RELENG_5_5, 5.5-RELEASE-p16) CVE Name: CVE-2007-5135

    For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

    FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

    II. Problem Description

    A buffer overflow addressed in FreeBSD-SA-06:23.openssl has been found to be incorrectly fixed.

    III.

    IV. Workaround

    No workaround is available, but only applications using the SSL_get_shared_ciphers() function are affected. Solution

    Perform one of the following:

    1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the correction date.

    2) To patch your present system:

    The following patch have been verified to apply to FreeBSD 5.5, 6.1, and 6.2 systems.

    a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

    fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch

    fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc

    b) Execute the following commands as root:

    cd /usr/src

    patch < /path/to/patch

    cd /usr/src/secure/lib/libssl

    make obj && make depend && make && make install

    VI. Correction details

    The following list contains the revision numbers of each file that was corrected in FreeBSD.

    Branch Revision Path


    RELENG_5 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.3 RELENG_5_5 src/UPDATING 1.342.2.35.2.16 src/sys/conf/newvers.sh 1.62.2.21.2.18 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.4.2 RELENG_6 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.2 RELENG_6_2 src/UPDATING 1.416.2.29.2.11 src/sys/conf/newvers.sh 1.69.2.13.2.11 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.1.2.1 RELENG_6_1 src/UPDATING 1.416.2.22.2.22 src/sys/conf/newvers.sh 1.69.2.11.2.22 src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.6.2


    VII. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-2937 [2] to the problem.

    1. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-2940 [3] to the problem.

    2. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-3780 [4] to the problem.

    3. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-4343 [5] to the problem.


    References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

    References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

    -----BEGIN PGP SIGNATURE----- Version: PGP 8.1

    iQA/AwUBRbc7fOAfOvwtKn1ZEQJs6ACg9AMS2ZtEgsaZh7T9e8Q0OgyfmEQAni1I otH/juFiPayhwdxQwX1pZwdm =e4BA -----END PGP SIGNATURE----- . HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

    BACKGROUND

    RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1209",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "networks vpn router contivity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "-26000"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "secure acs solution engine",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.10"
          },
          {
            "model": "servercluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.9"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "networks meridian option 61c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "model": "systems management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7.168"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "ons",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "x8610.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.1"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "linux database server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "stonebeat fullcluster for raptor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "stonegate ips sensor and analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "stonebeat fullcluster for gauntlet",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1050"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "networks meridian option 51c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "10.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "aironet acs350 c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3502.6"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.3"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "stonebeat webcluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "6000"
          },
          {
            "model": "networks cs",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1000"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.5"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.1"
          },
          {
            "model": "fuji",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1.1"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "solaris 10 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "networks meridian option 81c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "model": "stonegate ips sensor and analyzer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0.2"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "model": "linux openexchange server",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.4"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "networks self-service mps",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "5000"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.42"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "stonebeat fullcluster for firewall-1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9"
          },
          {
            "model": "stonebeat securitycluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "servercluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5.2"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3(3.33)"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "secure acs for windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "2700"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1740"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1010"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "stonegate ips sensor and analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0.1"
          },
          {
            "model": "networks communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1000"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0.0x64"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.2"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.50.3.45"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "networks vpn router contivity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "-45000"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "networks vpn router contivity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "-46000"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "40003.1.59.24"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "17500"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3)4.2"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "1.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "20003.1.59.24"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "5000"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "ciscosecure acs appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1111"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.4"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.6"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "networks ip address domain manager",
            "scope": null,
            "trust": 0.3,
            "vendor": "nortel",
            "version": null
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "mds 9216i",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.3"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "stonebeat fullcluster for raptor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0.8"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90002.0(0.86)"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8.10.2.65"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.5.1"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.6.1"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "stonebeat webcluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.2"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "networks meridian option 11c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0.1"
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1700"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "stonebeat fullcluster for firewall-1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "ciscosecure acs for windows and unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "stonebeat fullcluster for isa server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "9000"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1100"
          },
          {
            "model": "stonebeat securitycluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)4.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "networks wlan access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "7250.0"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.48"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.47"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.22"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i standard edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i personal edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i enterprise edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle8i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7.4"
          },
          {
            "model": "oracle8i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7.4.0"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4.2"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.5"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.4.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.0.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.2.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.1.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.1"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.1"
          },
          {
            "model": "identity management 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4.0.1"
          },
          {
            "model": "9i application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0.2.2"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.5"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3"
          },
          {
            "model": "e-business suite 11i cu2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.10"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.10"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.9"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.8"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.7"
          },
          {
            "model": "e-business suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0"
          },
          {
            "model": "developer suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.2"
          },
          {
            "model": "developer suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.3"
          },
          {
            "model": "developer suite 6i",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.2"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.1"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.0"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "29.0.2.3"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.3"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.2"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.1"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4"
          },
          {
            "model": "oracle for openview for linux ltu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1.1"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.1.7"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.2"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.11"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.11"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.10"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with the discovery of this vulnerability.",
        "sources": [
          {
            "db": "BID",
            "id": "20249"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2006-3738",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-3738",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-3738",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nSuccessfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. OpenSSL Security Advisory [28th September 2006]\n\nNew OpenSSL releases are now available to correct four security\nissues. \n\n\nASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)\n==============================================================\n\nVulnerability\n-------------\n\nDr. S. N. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  This can result in an infinite loop which\nconsumes system memory (CVE-2006-2937).  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. This could be used by an attacker in a denial of\nservice attack (CVE-2006-2940). \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. N. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20060928.txt\n. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package           /   Vulnerable   /                   Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl      \u003c 0.9.8e-r3                    \u003e= 0.9.8e-r3\n\nDescription\n===========\n\nMoritz Jodeit reported an off-by-one error in the\nSSL_get_shared_ciphers() function, resulting from an incomplete fix of\nCVE-2006-3738. A flaw has also been reported in the\nBN_from_montgomery() function in crypto/bn/bn_mont.c when performing\nMontgomery multiplication. A local attacker could\nperform a side channel attack to retrieve the RSA private keys. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8e-r3\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 2 ] CVE-2007-3108\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108\n  [ 3 ] CVE-2007-5135\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200710-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. rPath Security Advisory: 2006-0175-1\nPublished: 2006-09-28\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nCorrected:      2007-10-03 21:39:43 UTC (RELENG_6, 6.2-STABLE)\n                2007-10-03 21:40:35 UTC (RELENG_6_2, 6.2-RELEASE-p8)\n                2007-10-03 21:41:22 UTC (RELENG_6_1, 6.1-RELEASE-p20)\n                2007-10-03 21:42:00 UTC (RELENG_5, 5.5-STABLE)\n                2007-10-03 21:42:32 UTC (RELENG_5_5, 5.5-RELEASE-p16)\nCVE Name:       CVE-2007-5135\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured,\nand Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII.  Problem Description\n\nA buffer overflow addressed in FreeBSD-SA-06:23.openssl has been found\nto be incorrectly fixed. \n\nIII. \n\nIV.  Workaround\n\nNo workaround is available, but only applications using the\nSSL_get_shared_ciphers() function are affected.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the\nRELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the\ncorrection date. \n\n2) To patch your present system:\n\nThe following patch have been verified to apply to FreeBSD 5.5, 6.1,\nand 6.2 systems. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch\n# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# cd /usr/src/secure/lib/libssl\n# make obj \u0026\u0026 make depend \u0026\u0026 make \u0026\u0026 make install\n\nVI.  Correction details\n\nThe following list contains the revision numbers of each file that was\ncorrected in FreeBSD. \n\nBranch                                                           Revision\n  Path\n- -------------------------------------------------------------------------\nRELENG_5\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.11.2.3\nRELENG_5_5\n  src/UPDATING                                            1.342.2.35.2.16\n  src/sys/conf/newvers.sh                                  1.62.2.21.2.18\n  src/crypto/openssl/ssl/ssl_lib.c                       1.1.1.11.2.1.4.2\nRELENG_6\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.12.2.2\nRELENG_6_2\n  src/UPDATING                                            1.416.2.29.2.11\n  src/sys/conf/newvers.sh                                  1.69.2.13.2.11\n  src/crypto/openssl/ssl/ssl_lib.c                       1.1.1.12.2.1.2.1\nRELENG_6_1\n  src/UPDATING                                            1.416.2.22.2.22\n  src/sys/conf/newvers.sh                                  1.69.2.11.2.22\n  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.12.6.2\n- -------------------------------------------------------------------------\n\nVII. The Common Vulnerabilities and Exposures\n     (CVE) project assigned the id CVE-2006-2937 [2] to the problem. \n\n  2. The Common Vulnerabilities and Exposures (CVE)\n     project assigned the id CVE-2006-2940 [3] to the problem. \n\n  3. The\n     Common Vulnerabilities and Exposures (CVE) project assigned the id\n     CVE-2006-3780 [4] to the problem. \n\n  4. The\n     Common Vulnerabilities and Exposures (CVE) project assigned the id\n     CVE-2006-4343 [5] to the problem. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nReferences: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRbc7fOAfOvwtKn1ZEQJs6ACg9AMS2ZtEgsaZh7T9e8Q0OgyfmEQAni1I\notH/juFiPayhwdxQwX1pZwdm\n=e4BA\n-----END PGP SIGNATURE-----\n. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "59899"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "59797"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          }
        ],
        "trust": 4.23
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "22083",
            "trust": 3.7
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 2.6
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738",
            "trust": 2.3
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 2.1
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "30161",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22654",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22633",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22791",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4314",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4443",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29262",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788",
            "trust": 0.3
          },
          {
            "db": "PACKETSTORM",
            "id": "169663",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "59899",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "59797",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "59899"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "59797"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "id": "VAR-200609-1209",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.28107159000000004
      },
      "last_update_date": "2025-12-21T22:00:19.673000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 1.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.kb.cert.org/vuls/id/547300"
          },
          {
            "trust": 1.1,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4256"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22654"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22633"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/470460/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/20249"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9370"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4314"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4443"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29262"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30161"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
          },
          {
            "trust": 1.0,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026documentoid=498093\u0026renditionid=\u0026poid=8881"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22791"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.6,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 0.6,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.stonesoft.com/en/support/security_advisories/2909_2006.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "/archive/1/481217"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www116.nortelnetworks.com/pub/repository/clarify/document/2006/44/021420-01.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
          },
          {
            "trust": 0.3,
            "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
          },
          {
            "trust": 0.3,
            "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
          },
          {
            "trust": 0.3,
            "url": "http://www.kb.cert.org/vuls/id/221788"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/457193"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/464470"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458657"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458036"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458006"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458037"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458005"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458041"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458038"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458475"
          },
          {
            "trust": 0.3,
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5135"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5135"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.2,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.2,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.2,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/"
          },
          {
            "trust": 0.1,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/mirror.html):"
          },
          {
            "trust": 0.1,
            "url": "http://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://enigmail.mozdev.org"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3108"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3108"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://security.freebsd.org/patches/sa-07:08/openssl.patch.asc"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3738"
          },
          {
            "trust": 0.1,
            "url": "http://security.freebsd.org/\u003e."
          },
          {
            "trust": 0.1,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-07:08.openssl.asc"
          },
          {
            "trust": 0.1,
            "url": "http://security.freebsd.org/patches/sa-07:08/openssl.patch"
          },
          {
            "trust": 0.1,
            "url": "http://marc.info/?l=bugtraq\u0026m=119091888624735"
          },
          {
            "trust": 0.1,
            "url": "http://pgp.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "59899"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "59797"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "59899"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "59797"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20249"
          },
          {
            "date": "2007-01-16T00:00:00",
            "db": "BID",
            "id": "22083"
          },
          {
            "date": "2006-09-28T12:12:12",
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "date": "2007-10-09T00:39:04",
            "db": "PACKETSTORM",
            "id": "59899"
          },
          {
            "date": "2006-10-04T00:44:50",
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "date": "2007-10-05T05:29:31",
            "db": "PACKETSTORM",
            "id": "59797"
          },
          {
            "date": "2006-10-04T01:20:54",
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "date": "2007-08-08T07:19:47",
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2011-05-09T19:52:00",
            "db": "BID",
            "id": "20249"
          },
          {
            "date": "2008-05-20T23:05:00",
            "db": "BID",
            "id": "22083"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "BID",
            "id": "22083"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Boundary Condition Error",
        "sources": [
          {
            "db": "BID",
            "id": "20249"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-200110-0169

    Vulnerability from variot - Updated: 2025-12-20 21:52

    OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


    Mandriva Linux Security Advisory MDKSA-2006:172-1 http://www.mandriva.com/security/


    Package : openssl Date : October 2, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0


    Problem Description:

    Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).

    During the parsing of certain invalid ASN1 structures an error condition is mishandled. (CVE-2006-2937)

    Certain types of public key can take disproportionate amounts of time to process. (CVE-2006-2940)

    Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. (CVE-2006-3738)

    Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code.

    Update:

    There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files. OpenSSL library vulnerabilities:
    
    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
    allows remote attackers to cause a denial of service (infinite
    loop and memory consumption) via malformed ASN.1 structures that
    trigger an improperly handled error condition.
    
    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1.
    
    (CVE-2006-4343) The get_server_hello function in the SSLv2 client
    code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and
    earlier versions allows remote servers to cause a denial of service
    (client crash) via unknown vectors that trigger a null pointer
    dereference. Updated OpenSSH package addresses the following possible security issues:
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems
    
    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).
    
    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.
    
    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.
    
    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
    SSH protocol, allows remote attackers to cause a denial of service
    (CPU consumption) via an SSH packet that contains duplicate blocks,
    which is not properly handled by the CRC compensation attack
    detector.
    
    NOTE: ESX by default disables version 1 SSH protocol.
    
    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
    allows remote attackers to cause a denial of service (crash), and
    possibly execute arbitrary code if GSSAPI authentication is enabled,
    via unspecified vectors that lead to a double-free.
    
    NOTE: ESX doesn't use GSSAPI by default.
    
    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.
    
    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
    

    files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.
    
    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem
    
    A possible security issue with how the Python function repr()
    function handles UTF-32/UCS-4 strings.
    

    ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

    ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

    ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

    ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

    ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

    ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

    1. References:

    ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

    ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

    ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

    ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

    ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

    ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

    1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ~ VMware Security Advisory

    Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340


    1. Summary:

    ~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

    1. Relevant releases:

    ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

    1. Problem description:

    ~ a. Host to guest shared folder (HGFS) traversal vulnerability

    ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

    NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

    ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ b. Insecure named pipes

    ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

    ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

    ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

    ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ d. Updated OpenSSL library to address various security vulnerabilities

    ~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ e. VIX API default setting changed to a more secure default value

    ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

    ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

    ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

    ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

    ~ g. DHCP denial of service vulnerability

    ~ A potential denial of service issue affects DHCP service running ~ on the host.

    ~ VMware would like to thank Martin O'Neal for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

    ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

    ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

    ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

    ~ VMware would like to thank Sun Bing for reporting the issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

    ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

    ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

    ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    1. Solution:

    Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

    ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

    ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

    ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

    ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

    ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

    1. References:

    ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340


    1. Contact:

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

    E-mail: security@vmware.com

    Security web site http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2008 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

    BACKGROUND

    RESOLUTION

    HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

    The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

    HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

    HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

    HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

    HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

    HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

    HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

    Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

    PRODUCT SPECIFIC INFORMATION

    The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

    Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

    Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

    The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has made the following software updates available to resolve these vulnerabilities.

    Kit Name Location

    HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

    BACKGROUND

    RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline


    Gentoo Linux Security Advisory GLSA 200610-11


                                            http://security.gentoo.org/
    

    Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11


    Synopsis

    OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

    Background

    OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N.

    Workaround

    There is no known workaround at this time.

    Resolution

    All OpenSSL 0.9.8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
    

    All OpenSSL 0.9.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
    

    References

    [ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200610-11.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

    License

    Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0169",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6l"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.5a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.1c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6m"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.3a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.2b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6d"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/32"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "secure access control server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "bind a5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/2"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "karagulle cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.9"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "karagulle cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.10"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "bind a4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/31"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "operating system enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "igateway vpn/ssl-vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intoto",
            "version": "0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "amc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/6"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0.1"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.1"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "amc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/5"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "reflection for secure it sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "bind a3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "reflection for secure it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.1"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "bind b3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "red hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ons",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.5"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.2"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/2"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.1"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/4"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "bind b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.4"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/5"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "bind b2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "bind a6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "intrusion detection system 4.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ssl360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/3"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor credits Dr S. N. Henson of Open Network Security with the discovery of this vulnerability.",
        "sources": [
          {
            "db": "BID",
            "id": "20247"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2006-2940",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-2940",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-2940",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory                       MDKSA-2006:172-1\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : openssl\n Date    : October 2, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,\n           Multi Network Firewall 2.0\n _______________________________________________________________________\n \n Problem Description:\n \n Dr S N Henson of the OpenSSL core team and Open Network Security\n recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). \n\n During the parsing of certain invalid ASN1 structures an error\n condition is mishandled. (CVE-2006-2937)\n\n Certain types of public key can take disproportionate amounts of time\n to process. (CVE-2006-2940)\n\n Tavis Ormandy and Will Drewry of the Google Security Team discovered a\n buffer overflow in the SSL_get_shared_ciphers utility function, used by\n some applications such as exim and mysql.  An attacker could send a\n list of ciphers that would overrun a buffer. (CVE-2006-3738)\n\n Tavis Ormandy and Will Drewry of the Google Security Team discovered a\n possible DoS in the sslv2 client code. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. \n\n    (CVE-2006-4343) The get_server_hello function in the SSLv2 client\n    code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and\n    earlier versions allows remote servers to cause a denial of service\n    (client crash) via unknown vectors that trigger a null pointer\n    dereference. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4\n    allows remote attackers to cause a denial of service (crash), and\n    possibly execute arbitrary code if GSSAPI authentication is enabled,\n    via unspecified vectors that lead to a double-free. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          }
        ],
        "trust": 4.32
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "22083",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 2.6
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940",
            "trust": 2.4
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "20247",
            "trust": 1.3
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4019",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4327",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-2396",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4329",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4980",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31531",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23351",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22671",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26893",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29261",
            "trust": 1.0
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50543",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "56053",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "101257",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "51324",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "id": "VAR-200110-0169",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.251886895
      },
      "last_update_date": "2025-12-20T21:52:04.681000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.6,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 1.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.2,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.1,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "https://issues.rpath.com/browse/rpl-1633"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/20247"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 1.0,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10311"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26893"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29261"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.5,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.5,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.5,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.4,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.4,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.4,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.4,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.4,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
          },
          {
            "trust": 0.3,
            "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.2,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.2,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/9986131"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/3069097"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ace/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/ws5.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/fusion/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
          },
          {
            "trust": 0.1,
            "url": "http://h30097.www3.hp.com/cma/patches.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
          },
          {
            "trust": 0.1,
            "url": "http://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20247"
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "date": "2006-10-04T00:47:19",
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "date": "2007-01-13T22:56:30",
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "date": "2008-03-19T02:18:56",
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "date": "2007-04-19T00:58:08",
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "date": "2006-10-04T00:44:50",
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "date": "2011-05-10T00:45:11",
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "date": "2007-08-08T07:19:47",
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "date": "2006-10-25T21:37:36",
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "date": "2006-10-04T00:46:38",
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2011-05-09T19:53:00",
            "db": "BID",
            "id": "20247"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "20247"
          }
        ],
        "trust": 0.3
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Failure to Handle Exceptional Conditions",
        "sources": [
          {
            "db": "BID",
            "id": "20247"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-200609-1634

    Vulnerability from variot - Updated: 2025-12-17 22:33

    The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

    1. Certain types of public key can take disproportionate amounts of time to process.

    Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

    Acknowledgements

    The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

    SSLv2 Client Crash (CVE-2006-4343)

    Vulnerability

    A flaw in the SSLv2 client code was discovered.

    Recommendations

    These vulnerabilities are resolved in the following versions of OpenSSL:

    • in the 0.9.7 branch, version 0.9.7l (or later);
    • in the 0.9.8 branch, version 0.9.8d (or later).

    OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

    o https://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/
    

    The distribution file names are:

    o openssl-0.9.8d.tar.gz
      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
    
    o openssl-0.9.7l.tar.gz
      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
    

    The checksums were calculated using the following commands:

    openssl md5 openssl-0.9*.tar.gz
    openssl sha1 openssl-0.9*.tar.gz
    

    After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL.

    References

    URL for this Security Advisory: https://www.openssl.org/news/secadv_20060928.txt . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


    ~ VMware Security Advisory

    Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340


    1. Relevant releases:

    ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

    1. Problem description:

    ~ a. Host to guest shared folder (HGFS) traversal vulnerability

    ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

    NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

    ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ b. Insecure named pipes

    ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

    ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

    ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

    ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ d. Updated OpenSSL library to address various security vulnerabilities

    ~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ e. VIX API default setting changed to a more secure default value

    ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

    ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

    ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

    ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

    ~ g. DHCP denial of service vulnerability

    ~ A potential denial of service issue affects DHCP service running ~ on the host.

    ~ VMware would like to thank Martin O'Neal for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

    ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

    ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

    ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

    ~ VMware would like to thank Sun Bing for reporting the issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

    ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

    ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

    ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    1. Solution:

    Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

    ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

    ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

    ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

    ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

    ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

    1. References:

    ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340


    1. Contact:

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

    E-mail: security@vmware.com

    Security web site http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2008 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . rPath Security Advisory: 2006-0175-1 Published: 2006-09-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has made the following software updates available to resolve these vulnerabilities.

    Kit Name Location

    HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

    BACKGROUND

    RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline


    Gentoo Linux Security Advisory GLSA 200610-11


                                            http://security.gentoo.org/
    

    Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11


    Synopsis

    OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

    Background

    OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

    Workaround

    There is no known workaround at this time.

    Resolution

    All OpenSSL 0.9.8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
    

    All OpenSSL 0.9.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
    

    References

    [ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200610-11.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

    License

    Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


    Mandriva Linux Security Advisory MDKSA-2006:172 http://www.mandriva.com/security/


    Package : openssl Date : September 28, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0


    Problem Description:

    Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). (CVE-2006-4343)

    Updated packages are patched to address these issues.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

    Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

    Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

    Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

    Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1634",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "5.04"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "5.10"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "6.06"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "secure acs solution engine",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.10"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.9"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "ons",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "x8610.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.1"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "10.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.3"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.3"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "solaris 10 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "model": "linux openexchange server",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.42"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3(3.33)"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "secure acs for windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.50.3.45"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "40003.1.59.24"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "20003.1.59.24"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "ciscosecure acs appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1111"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.2"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "mds 9216i",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.1"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90002.0(0.86)"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4"
          },
          {
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8.10.2.65"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.5.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.6.1"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.2"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "hat enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "ciscosecure acs for windows and unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "9000"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.48"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.47"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.22"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i standard edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i personal edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i enterprise edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle8i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7.4"
          },
          {
            "model": "oracle8i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7.4.0"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4.2"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.5"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.4.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.0.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.2.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.1.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.1"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.1"
          },
          {
            "model": "identity management 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4.0.1"
          },
          {
            "model": "9i application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0.2.2"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.5"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3"
          },
          {
            "model": "e-business suite 11i cu2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.10"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.10"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.9"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.8"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.7"
          },
          {
            "model": "e-business suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0"
          },
          {
            "model": "developer suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.2"
          },
          {
            "model": "developer suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.3"
          },
          {
            "model": "developer suite 6i",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.2"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.1"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.0"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "29.0.2.3"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.3"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.2"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.1"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4"
          },
          {
            "model": "oracle for openview for linux ltu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1.1"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.1.7"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.2"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.11"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.11"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.10"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor credits Tavis Ormandy and Will Drewry of the Google Security Team with the discovery of this vulnerability.",
        "sources": [
          {
            "db": "BID",
            "id": "20246"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2006-4343",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2006-4343",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-4343",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#221788",
                "trust": 0.8,
                "value": "4.20"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20060928.txt\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. rPath Security Advisory: 2006-0175-1\nPublished: 2006-09-28\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory                         MDKSA-2006:172\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : openssl\n Date    : September 28, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,\n           Multi Network Firewall 2.0\n _______________________________________________________________________\n \n Problem Description:\n \n Dr S N Henson of the OpenSSL core team and Open Network Security\n recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          }
        ],
        "trust": 5.04
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "22083",
            "trust": 3.7
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 2.6
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 2.1
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788",
            "trust": 1.1
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1973",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4443",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25420",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22791",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "EXPLOIT-DB",
            "id": "4773",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29263",
            "trust": 1.0
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "169663",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "101257",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "51324",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "id": "VAR-200609-1634",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.24822762333333337
      },
      "last_update_date": "2025-12-17T22:33:17.793000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.7,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 1.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 1.3,
            "url": "http://www.kb.cert.org/vuls/id/386964"
          },
          {
            "trust": 1.1,
            "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.1,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10207"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4356"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1973"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25420"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "trust": 1.0,
            "url": "https://www.exploit-db.com/exploits/4773"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4443"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29263"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22791"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.6,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.3,
            "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
          },
          {
            "trust": 0.3,
            "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/index.html"
          },
          {
            "trust": 0.3,
            "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
          },
          {
            "trust": 0.3,
            "url": "http://www.kb.cert.org/vuls/id/221788"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/457193"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/464470"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458657"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458036"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458006"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458037"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458005"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458041"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458038"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458475"
          },
          {
            "trust": 0.3,
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.3,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.2,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/mirror.html):"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ace/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/ws5.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/fusion/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
          },
          {
            "trust": 0.1,
            "url": "http://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-01-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20246"
          },
          {
            "date": "2007-01-16T00:00:00",
            "db": "BID",
            "id": "22083"
          },
          {
            "date": "2006-09-28T12:12:12",
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "date": "2008-03-19T02:18:56",
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "date": "2006-10-04T00:44:50",
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "date": "2011-05-10T00:45:11",
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "date": "2007-08-08T07:19:47",
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "date": "2006-10-25T21:37:36",
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "date": "2006-10-04T00:46:38",
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-01-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2015-03-19T09:25:00",
            "db": "BID",
            "id": "20246"
          },
          {
            "date": "2008-05-20T23:05:00",
            "db": "BID",
            "id": "22083"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "BID",
            "id": "22083"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Failure to Handle Exceptional Conditions",
        "sources": [
          {
            "db": "BID",
            "id": "20246"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-200609-1501

    Vulnerability from variot - Updated: 2025-12-17 22:18

    OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files.
    
    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
    and earlier versions allows attackers to cause a denial of service
    (CPU consumption) via parasitic public keys with large (1) "public
    exponent" or (2) "public modulus" values in X.509 certificates that
    require extra time to process when using RSA signature verification.
    
    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems
    
    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).
    
    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.
    
    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.
    
    NOTE: ESX by default disables version 1 SSH protocol.
    
    NOTE: ESX doesn't use GSSAPI by default.
    
    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.
    
    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
    

    files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.
    
    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem
    
    A possible security issue with how the Python function repr()
    function handles UTF-32/UCS-4 strings.
    

    ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

    ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

    ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

    ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

    ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

    ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

    1. References:

    ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

    ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

    ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

    ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

    ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

    ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

    1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ~ VMware Security Advisory

    Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340


    1. Summary:

    ~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

    1. Relevant releases:

    ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

    1. Problem description:

    ~ a. Host to guest shared folder (HGFS) traversal vulnerability

    ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

    NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

    ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ b. Insecure named pipes

    ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

    ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

    ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

    ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ d. Updated OpenSSL library to address various security vulnerabilities

    ~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ e. VIX API default setting changed to a more secure default value

    ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

    ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

    ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

    ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

    ~ g. DHCP denial of service vulnerability

    ~ A potential denial of service issue affects DHCP service running ~ on the host.

    ~ VMware would like to thank Martin O'Neal for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

    ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

    ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

    ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

    ~ VMware would like to thank Sun Bing for reporting the issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

    ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

    ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

    ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    1. Solution:

    Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

    ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

    ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

    ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

    ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

    ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

    1. References:

    ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340


    1. Contact:

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

    E-mail: security@vmware.com

    Security web site http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2008 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00967144 Version: 1

    HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    References: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) VU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND)

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

    BACKGROUND

    RESOLUTION

    HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

    The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

    HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

    HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

    HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

    HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

    HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

    HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

    Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

    PRODUCT SPECIFIC INFORMATION

    The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

    Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

    Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

    The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.

    HISTORY Version:1 (rev.1) - 12 April 2007 Initial release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ASN.1 Denial of Service Attack (2/2)

     Certain types of public key can take disproportionate amounts of
     time to process. SSL_get_shared_ciphers() Buffer Overflow
    
     A buffer overflow was discovered in the SSL_get_shared_ciphers()
     utility function. An attacker could send a list of ciphers to an
     application that uses this function and overrun a buffer. SSLv2 Client Crash
    
     A flaw in the SSLv2 client code was discovered.
    

    References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has made the following software updates available to resolve these vulnerabilities.

    Kit Name Location

    HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

    BACKGROUND

    RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1501",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.2.6-p1"
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.3.2-p1"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0 (x86-64)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (x86)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (x86)"
          },
          {
            "model": "turbolinux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10_f"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (hosting)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (workgroup)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "2.0"
          },
          {
            "model": "turbolinux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux fuji",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux multimedia",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10 (x64)"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "7"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "8"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "trendmicro interscan web security suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "1.1 solaris edition"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.23"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (ws)"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3.0"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4.0"
          },
          {
            "model": "linux advanced workstation",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1"
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/32"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.50"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "secure access control server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "bind a5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/2"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "karagulle cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.9"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "karagulle cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.10"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "bind a4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/31"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "operating system enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "amc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/6"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0.1"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.61"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.1"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "amc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/5"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "reflection for secure it sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "bind a3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "reflection for secure it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.1"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3)4.2"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "bind b3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.40"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "model": "red hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.5"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/2"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/4"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "bind b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.4"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/5"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.41"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "bind b2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "hat enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "bind a6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.42"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.400"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)4.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "ssl360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/3"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:isc:bind",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:openssl:openssl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_home",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-2937",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-2937",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-2937",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#247744",
                "trust": 0.8,
                "value": "0.28"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-2937",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-523",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00967144\nVersion: 1\n\nHPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nReferences: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) \nVU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND) \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. \n\nHISTORY \nVersion:1 (rev.1) - 12 April 2007 Initial release \n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ASN.1 Denial of Service Attack (2/2)\n\n     Certain types of public key can take disproportionate amounts of\n     time to process. SSL_get_shared_ciphers() Buffer Overflow\n\n     A buffer overflow was discovered in the SSL_get_shared_ciphers()\n     utility function. An attacker could send a list of ciphers to an\n     application that uses this function and overrun a buffer. SSLv2 Client Crash\n \n     A flaw in the SSLv2 client code was discovered. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          }
        ],
        "trust": 5.4
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 3.4
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937",
            "trust": 3.4
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744",
            "trust": 2.9
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "22083",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "20248",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22671",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23351",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23131",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4019",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4327",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-2396",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4329",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4761",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4980",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31531",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29260",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "SA06-333A",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "56053",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "101257",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "id": "VAR-200609-1501",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.251886895
      },
      "last_update_date": "2025-12-17T22:18:16.007000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02174.html"
          },
          {
            "title": "BIND 9: OpenSSL Vulnerabilities",
            "trust": 0.8,
            "url": "http://www.niscc.gov.uk/niscc/docs/br-20061103-00745.html"
          },
          {
            "title": "openssl (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
          },
          {
            "title": "secadv_20060928",
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "https://rhn.redhat.com/errata/RHSA-2006-0695.html"
          },
          {
            "title": "102747",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "title": "102759",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
          },
          {
            "title": "102747",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-3"
          },
          {
            "title": "readme_iwss11_sol_patch7_b1182",
            "trust": 0.8,
            "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.com/security/2006/TLSA-2006-33.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2006-0695J.html"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.co.jp/security/2006/TLSA-2006-33j.txt"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.6,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.1,
            "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
          },
          {
            "trust": 2.1,
            "url": "http://www.kb.cert.org/vuls/id/247744"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/20248"
          },
          {
            "trust": 1.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.1,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23131"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4761"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29260"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.9,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23131/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22544/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22385/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22671/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23155/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23340/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23351/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
          },
          {
            "trust": 0.8,
            "url": "http://www.frsirt.com/english/advisories/2006/3820"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta06-333a"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2937"
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130/"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
          },
          {
            "trust": 0.3,
            "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.3,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.2,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.2,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/9986131"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/3069097"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ace/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/ws5.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/fusion/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
          },
          {
            "trust": 0.1,
            "url": "http://h30097.www3.hp.com/cma/patches.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
          },
          {
            "trust": 0.1,
            "url": "http://pgp.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "date": "2007-01-13T22:56:30",
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "date": "2008-03-19T02:18:56",
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "date": "2007-04-19T00:58:08",
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "date": "2006-10-04T01:20:54",
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "date": "2011-05-10T00:45:11",
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "date": "2007-08-08T07:19:47",
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-02-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2015-03-19T08:40:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2008-12-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200110-0280

    Vulnerability from variot - Updated: 2025-12-17 20:54

    OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. OpenSSL Security Advisory [28th September 2006]

    New OpenSSL releases are now available to correct four security issues.

    ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)

    Vulnerability

    Dr. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory (CVE-2006-2937). Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack (CVE-2006-2940).

    Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

    Acknowledgements

    The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

    Acknowledgements

    The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

    SSLv2 Client Crash (CVE-2006-4343)

    Vulnerability

    A flaw in the SSLv2 client code was discovered.

    Acknowledgements

    The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

    Recommendations

    These vulnerabilities are resolved in the following versions of OpenSSL:

    • in the 0.9.7 branch, version 0.9.7l (or later);
    • in the 0.9.8 branch, version 0.9.8d (or later).

    OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

    o https://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/
    

    The distribution file names are:

    o openssl-0.9.8d.tar.gz
      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
    
    o openssl-0.9.7l.tar.gz
      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
    

    The checksums were calculated using the following commands:

    openssl md5 openssl-0.9*.tar.gz
    openssl sha1 openssl-0.9*.tar.gz
    

    After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it.

    Update:

    There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


                   VMware Security Advisory
    

    Advisory ID: VMSA-2007-0001 Synopsis: VMware ESX server security updates Issue date: 2007-01-08 Updated on: 2007-01-08 CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-4980


    1. Summary:

    Updated ESX Patches address several security issues.

    1. Relevant releases:

    VMware ESX 3.0.1 without patch ESX-9986131 VMware ESX 3.0.0 without patch ESX-3069097

    VMware ESX 2.5.4 prior to upgrade patch 3 VMware ESX 2.5.3 prior to upgrade patch 6 VMware ESX 2.1.3 prior to upgrade patch 4 VMware ESX 2.0.2 prior to upgrade patch 4

    1. Problem description:

    Problems addressed by these patches:

    a. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue.
    

    b. OpenSSL library vulnerabilities:

    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
    allows remote attackers to cause a denial of service (infinite
    loop and memory consumption) via malformed ASN.1 structures that
    trigger an improperly handled error condition.
    
    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1.
    
    (CVE-2006-4343) The get_server_hello function in the SSLv2 client
    code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and
    earlier versions allows remote servers to cause a denial of service
    (client crash) via unknown vectors that trigger a null pointer
    dereference.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
    CVE-2006-4339, and CVE-2006-4343 to these issues.
    

    c. Updated OpenSSH package addresses the following possible security issues:

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems
    
    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).
    
    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.
    
    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.
    
    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
    SSH protocol, allows remote attackers to cause a denial of service
    (CPU consumption) via an SSH packet that contains duplicate blocks,
    which is not properly handled by the CRC compensation attack
    detector.
    
    NOTE: ESX by default disables version 1 SSH protocol.
    
    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
    allows remote attackers to cause a denial of service (crash), and
    possibly execute arbitrary code if GSSAPI authentication is enabled,
    via unspecified vectors that lead to a double-free.
    
    NOTE: ESX doesn't use GSSAPI by default.
    
    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.
    
    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.
    

    d. Object reuse problems with newly created virtual disk (.vmdk or .dsk) files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.
    
    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w.
    

    e. Buffer overflow in Python function repr():

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem
    
    A possible security issue with how the Python function repr()
    function handles UTF-32/UCS-4 strings.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the name CVE-2006-4980 to this issue.
    
    1. Solution:

    Please review the Patch notes for your version of ESX and verify the md5sum.

    ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

    ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

    ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

    ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

    ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

    ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

    1. References:

    ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

    ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

    ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

    ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

    ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

    ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

    1. Contact:

    http://www.vmware.com/security

    VMware Security Response Policy http://www.vmware.com/vmtn/technology/security/security_response.html

    E-mail: security@vmware.com

    Copyright 2007 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE neFG0RikD74TCYeXKW6CBy4= =9/6k -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .


    References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

    References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has made the following software updates available to resolve these vulnerabilities.

    Kit Name Location

    HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0280",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6l"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.5a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.1c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6m"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.3a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.2b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6d"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.2.6-p1"
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.3.2-p1"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar410v2"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar450s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar550s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar570s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar740"
          },
          {
            "model": "e-business suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "11.5.10cu2"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "9.2.0.8"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.1"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0 (x86-64)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (x86)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (x86)"
          },
          {
            "model": "turbolinux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10_f"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (hosting)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (workgroup)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "2.0"
          },
          {
            "model": "turbolinux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux fuji",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux multimedia",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux personal",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10 (x64)"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "7"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "8"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "trendmicro interscan web security suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "1.1 solaris edition"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.23"
          },
          {
            "model": "ridoc document router",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "pro v2"
          },
          {
            "model": "ridoc document router",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v3"
          },
          {
            "model": "ridoc document router",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v4"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "ep v1"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "ep v2"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v1 type h"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v2 type h"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v3"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v3 ad"
          },
          {
            "model": "ridoc document system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "image log options  v1"
          },
          {
            "model": "ridoc io operationserver",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "pro"
          },
          {
            "model": "ridoc io operationserver",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "device operation management utility"
          },
          {
            "model": "ridoc print linkage",
            "scope": null,
            "trust": 0.8,
            "vendor": "ricoh",
            "version": null
          },
          {
            "model": "ridoc web navigator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v2"
          },
          {
            "model": "ridoc web navigator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v3"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (ws)"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3.0"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4.0"
          },
          {
            "model": "linux advanced workstation",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1"
          },
          {
            "model": "fitelnet-f series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": "fitelnet-f3000"
          },
          {
            "model": "fitelnet-f series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": "fitelnet-f40"
          },
          {
            "model": "fitelnet-f series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": "fitelnet-f80/f100/f120/f1000"
          },
          {
            "model": "mucho series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": "mucho-ev/pk"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/32"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "secure access control server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "bind a5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/2"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "karagulle cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.9"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "karagulle cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.10"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "bind a4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/31"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "operating system enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "igateway vpn/ssl-vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intoto",
            "version": "0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "amc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/6"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0.1"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.1"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "amc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/5"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "reflection for secure it sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "bind a3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "reflection for secure it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.1"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "bind b3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "red hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ons",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.5"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.2"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/2"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.1"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/4"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "bind b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.4"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/5"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "bind b2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "bind a6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "intrusion detection system 4.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ssl360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/3"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.48"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.47"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.22"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i standard edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i personal edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i enterprise edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle8i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7.4"
          },
          {
            "model": "oracle8i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7.4.0"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4.2"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.5"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.4.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.0.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.2.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.1.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.1"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.1"
          },
          {
            "model": "identity management 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4.0.1"
          },
          {
            "model": "9i application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0.2.2"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.5"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3"
          },
          {
            "model": "e-business suite 11i cu2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.10"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.10"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.9"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.8"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.7"
          },
          {
            "model": "e-business suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0"
          },
          {
            "model": "developer suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.2"
          },
          {
            "model": "developer suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.3"
          },
          {
            "model": "developer suite 6i",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.2"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.1"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.0"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "29.0.2.3"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.3"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.2"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.1"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4"
          },
          {
            "model": "oracle for openview for linux ltu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1.1"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.1.7"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.2"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.11"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.11"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.10"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:isc:bind",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:openssl:openssl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:allied_telesis_k.k.:centrecom",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:e-business_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:http_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_personal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_home",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_document_router",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_document_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_document_system",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_io_operationserver",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_print_linkage",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_web_navigator",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:furukawa_electric:fitelnet-f",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:furukawa_electric:mucho",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor credits Dr S. N. Henson of Open Network Security with the discovery of this vulnerability.",
        "sources": [
          {
            "db": "BID",
            "id": "20247"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2006-2940",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-2940",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-2940",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#221788",
                "trust": 0.8,
                "value": "4.20"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-2940",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. OpenSSL Security Advisory [28th September 2006]\n\nNew OpenSSL releases are now available to correct four security\nissues. \n\n\nASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)\n==============================================================\n\nVulnerability\n-------------\n\nDr. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  This can result in an infinite loop which\nconsumes system memory (CVE-2006-2937). Certain types of public key can take disproportionate amounts of\ntime to process. This could be used by an attacker in a denial of\nservice attack (CVE-2006-2940). \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2007-0001\nSynopsis:          VMware ESX server security updates\nIssue date:        2007-01-08\nUpdated on:        2007-01-08\nCVE:               CVE-2006-3589 CVE-2006-2937 CVE-2006-2940\n                   CVE-2006-3738 CVE-2006-4339 CVE-2006-4343\n                   CVE-2006-4980\n- -------------------------------------------------------------------\n\n1. Summary:\n\nUpdated ESX Patches address several security issues. \n\n2. Relevant releases:\n\nVMware ESX 3.0.1 without patch ESX-9986131\nVMware ESX 3.0.0 without patch ESX-3069097\n\nVMware ESX 2.5.4 prior to upgrade patch 3\nVMware ESX 2.5.3 prior to upgrade patch 6\nVMware ESX 2.1.3 prior to upgrade patch 4\nVMware ESX 2.0.2 prior to upgrade patch 4\n\n3. Problem description:\n\nProblems addressed by these patches:\n\na. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. The Common Vulnerabilities and Exposures project\n    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue. \n\nb. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. \n\n    (CVE-2006-4343) The get_server_hello function in the SSLv2 client\n    code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and\n    earlier versions allows remote servers to cause a denial of service\n    (client crash) via unknown vectors that trigger a null pointer\n    dereference. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,\n    CVE-2006-4339, and CVE-2006-4343 to these issues. \n\nc. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4\n    allows remote attackers to cause a denial of service (crash), and\n    possibly execute arbitrary code if GSSAPI authentication is enabled,\n    via unspecified vectors that lead to a double-free. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,\n    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues. \n\nd. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. \n\ne. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the name CVE-2006-4980 to this issue. \n\n4. Solution:\n\nPlease review the Patch notes for your version of ESX and verify the md5sum. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. Contact:\n\nhttp://www.vmware.com/security\n\nVMware Security Response Policy\nhttp://www.vmware.com/vmtn/technology/security/security_response.html\n\nE-mail:  security@vmware.com\n\nCopyright 2007 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE\nneFG0RikD74TCYeXKW6CBy4=\n=9/6k\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nReferences: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          }
        ],
        "trust": 5.76
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "22083",
            "trust": 3.7
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940",
            "trust": 3.2
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "20247",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788",
            "trust": 1.1
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4019",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4327",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-2396",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4329",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4980",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31531",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23351",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22671",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26893",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29261",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#423396",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "SA06-333A",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "TA07-017A",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "169663",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50543",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "101257",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "id": "VAR-200110-0280",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.251886895
      },
      "last_update_date": "2025-12-17T20:54:33.869000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "title": "RSA \u516c\u958b\u9375\u306b\u3088\u308b\u8106\u5f31\u6027\uff08Parasitic Public Key\uff09\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.furukawa.co.jp/fitelnet/topic/x509b_attacks.html"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02174.html"
          },
          {
            "title": "BIND 9: OpenSSL Vulnerabilities",
            "trust": 0.8,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445"
          },
          {
            "title": "openssl (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
          },
          {
            "title": "openssl096b (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=460"
          },
          {
            "title": "openssl (V2.x)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1003"
          },
          {
            "title": "secadv_20060928",
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "https://rhn.redhat.com/errata/RHSA-2006-0695.html"
          },
          {
            "title": "102759",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
          },
          {
            "title": "102747",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "title": "readme_iwss11_sol_patch7_b1182",
            "trust": 0.8,
            "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.com/security/2006/TLSA-2006-33.txt"
          },
          {
            "title": "Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://otn.oracle.co.jp/security/070119_77/top.html"
          },
          {
            "title": "X.509\u8a3c\u660e\u66f8\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20071108.html"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2006-0695J.html"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.co.jp/security/2006/TLSA-2006-33j.txt"
          },
          {
            "title": "NISCC-729618",
            "trust": 0.8,
            "url": "http://www.ricoh.co.jp/ridoc_ds/rds/download/Ridoc_DoS.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 1.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/20247"
          },
          {
            "trust": 1.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 1.1,
            "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
          },
          {
            "trust": 1.1,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "https://issues.rpath.com/browse/rpl-1633"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 1.0,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10311"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26893"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29261"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
          },
          {
            "trust": 0.8,
            "url": "http://www.frsirt.com/english/advisories/2006/3820"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/niscc/niscc-729618/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta07-017a/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta07-017a"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta06-333a"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2940"
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130/"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta07-017a.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/423396"
          },
          {
            "trust": 0.6,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.3,
            "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
          },
          {
            "trust": 0.3,
            "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
          },
          {
            "trust": 0.3,
            "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/index.html"
          },
          {
            "trust": 0.3,
            "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
          },
          {
            "trust": 0.3,
            "url": "http://www.kb.cert.org/vuls/id/221788"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/457193"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/464470"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458657"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458036"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458006"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458037"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458005"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458041"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458038"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458475"
          },
          {
            "trust": 0.3,
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "trust": 0.3,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.3,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.3,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.2,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.2,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.2,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/mirror.html):"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/9986131"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/3069097"
          },
          {
            "trust": 0.1,
            "url": "http://pgp.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-01-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20247"
          },
          {
            "date": "2007-01-16T00:00:00",
            "db": "BID",
            "id": "22083"
          },
          {
            "date": "2006-09-28T12:12:12",
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "date": "2006-10-04T00:47:19",
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "date": "2007-01-13T22:56:30",
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "date": "2006-10-04T01:20:54",
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "date": "2011-05-10T00:45:11",
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "date": "2006-10-04T00:46:38",
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-01-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2011-05-09T19:53:00",
            "db": "BID",
            "id": "20247"
          },
          {
            "date": "2008-05-20T23:05:00",
            "db": "BID",
            "id": "22083"
          },
          {
            "date": "2008-12-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Failure to Handle Exceptional Conditions",
        "sources": [
          {
            "db": "BID",
            "id": "20247"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-200110-0292

    Vulnerability from variot - Updated: 2025-11-28 02:45

    OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. OpenSSL Security Advisory [28th September 2006]

    New OpenSSL releases are now available to correct four security issues.

    ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)

    Vulnerability

    Dr. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory (CVE-2006-2937). (This issue did not affect OpenSSL versions prior to 0.9.7)

    1. Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack (CVE-2006-2940).

    Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

    Acknowledgements

    The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

    Acknowledgements

    The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

    SSLv2 Client Crash (CVE-2006-4343)

    Vulnerability

    A flaw in the SSLv2 client code was discovered.

    Acknowledgements

    The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google Security Team for reporting this issue.

    Recommendations

    These vulnerabilities are resolved in the following versions of OpenSSL:

    • in the 0.9.7 branch, version 0.9.7l (or later);
    • in the 0.9.8 branch, version 0.9.8d (or later).

    OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

    o https://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/
    

    The distribution file names are:

    o openssl-0.9.8d.tar.gz
      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
    
    o openssl-0.9.7l.tar.gz
      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
    

    The checksums were calculated using the following commands:

    openssl md5 openssl-0.9*.tar.gz
    openssl sha1 openssl-0.9*.tar.gz
    

    After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


                   VMware Security Advisory
    

    Advisory ID: VMSA-2007-0001 Synopsis: VMware ESX server security updates Issue date: 2007-01-08 Updated on: 2007-01-08 CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-4980


    1. Summary:

    Updated ESX Patches address several security issues.

    1. Relevant releases:

    VMware ESX 3.0.1 without patch ESX-9986131 VMware ESX 3.0.0 without patch ESX-3069097

    VMware ESX 2.5.4 prior to upgrade patch 3 VMware ESX 2.5.3 prior to upgrade patch 6 VMware ESX 2.1.3 prior to upgrade patch 4 VMware ESX 2.0.2 prior to upgrade patch 4

    1. Problem description:

    Problems addressed by these patches:

    a. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue.
    

    b.

    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
    and earlier versions allows attackers to cause a denial of service
    (CPU consumption) via parasitic public keys with large (1) "public
    exponent" or (2) "public modulus" values in X.509 certificates that
    require extra time to process when using RSA signature verification.
    
    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
    CVE-2006-4339, and CVE-2006-4343 to these issues.
    

    c. Updated OpenSSH package addresses the following possible security issues:

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems
    
    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).
    
    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.
    
    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.
    
    NOTE: ESX by default disables version 1 SSH protocol.
    
    NOTE: ESX doesn't use GSSAPI by default.
    
    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.
    
    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.
    

    d. Object reuse problems with newly created virtual disk (.vmdk or .dsk) files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.
    
    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w.
    

    e. Buffer overflow in Python function repr():

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem
    
    A possible security issue with how the Python function repr()
    function handles UTF-32/UCS-4 strings.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the name CVE-2006-4980 to this issue.
    
    1. Solution:

    Please review the Patch notes for your version of ESX and verify the md5sum.

    ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

    ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

    ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

    ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

    ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

    ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

    1. References:

    ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

    ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

    ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

    ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

    ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

    ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

    1. Contact:

    http://www.vmware.com/security

    VMware Security Response Policy http://www.vmware.com/vmtn/technology/security/security_response.html

    E-mail: security@vmware.com

    Copyright 2007 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE neFG0RikD74TCYeXKW6CBy4= =9/6k -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

    BACKGROUND

    RESOLUTION

    HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

    The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

    HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

    HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

    HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

    HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

    HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

    HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

    Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

    PRODUCT SPECIFIC INFORMATION

    The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

    Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

    Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

    The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

    References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


    Mandriva Linux Security Advisory MDKSA-2006:172 http://www.mandriva.com/security/


    Package : openssl Date : September 28, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0


    Problem Description:

    Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

    Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

    Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

    Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

    Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0292",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/32"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.50"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "secure access control server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "bind a5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/2"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "karagulle cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.9"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "karagulle cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.10"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "bind a4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/31"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "operating system enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "amc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/6"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0.1"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.61"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.1"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "amc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/5"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "reflection for secure it sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "bind a3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "reflection for secure it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.1"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3)4.2"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "bind b3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.40"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "model": "red hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.5"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/2"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/4"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "bind b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.4"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/5"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.41"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "bind b2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "hat enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "bind a6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.42"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.400"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)4.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "ssl360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/3"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-2937",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-2937",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-2937",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#247744",
                "trust": 0.8,
                "value": "0.28"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-523",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. OpenSSL Security Advisory [28th September 2006]\n\nNew OpenSSL releases are now available to correct four security\nissues. \n\n\nASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)\n==============================================================\n\nVulnerability\n-------------\n\nDr. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  This can result in an infinite loop which\nconsumes system memory (CVE-2006-2937).  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. This could be used by an attacker in a denial of\nservice attack (CVE-2006-2940). \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Tavis Ormandy and Will Drewry of the Google\nSecurity Team for reporting this issue. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2007-0001\nSynopsis:          VMware ESX server security updates\nIssue date:        2007-01-08\nUpdated on:        2007-01-08\nCVE:               CVE-2006-3589 CVE-2006-2937 CVE-2006-2940\n                   CVE-2006-3738 CVE-2006-4339 CVE-2006-4343\n                   CVE-2006-4980\n- -------------------------------------------------------------------\n\n1. Summary:\n\nUpdated ESX Patches address several security issues. \n\n2. Relevant releases:\n\nVMware ESX 3.0.1 without patch ESX-9986131\nVMware ESX 3.0.0 without patch ESX-3069097\n\nVMware ESX 2.5.4 prior to upgrade patch 3\nVMware ESX 2.5.3 prior to upgrade patch 6\nVMware ESX 2.1.3 prior to upgrade patch 4\nVMware ESX 2.0.2 prior to upgrade patch 4\n\n3. Problem description:\n\nProblems addressed by these patches:\n\na. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. The Common Vulnerabilities and Exposures project\n    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue. \n\nb. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,\n    CVE-2006-4339, and CVE-2006-4343 to these issues. \n\nc. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,\n    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues. \n\nd. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. \n\ne. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the name CVE-2006-4980 to this issue. \n\n4. Solution:\n\nPlease review the Patch notes for your version of ESX and verify the md5sum. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. Contact:\n\nhttp://www.vmware.com/security\n\nVMware Security Response Policy\nhttp://www.vmware.com/vmtn/technology/security/security_response.html\n\nE-mail:  security@vmware.com\n\nCopyright 2007 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE\nneFG0RikD74TCYeXKW6CBy4=\n=9/6k\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nReferences: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory                         MDKSA-2006:172\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : openssl\n Date    : September 28, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,\n           Multi Network Firewall 2.0\n _______________________________________________________________________\n \n Problem Description:\n \n Dr S N Henson of the OpenSSL core team and Open Network Security\n recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          }
        ],
        "trust": 4.59
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 2.6
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "22083",
            "trust": 2.4
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22671",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23351",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23131",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "20248",
            "trust": 1.3
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4019",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4327",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-2396",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4329",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4761",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4980",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31531",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29260",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "169663",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "56053",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "id": "VAR-200110-0292",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.251886895
      },
      "last_update_date": "2025-11-28T02:45:48.166000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.6,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.1,
            "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.kb.cert.org/vuls/id/247744"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.1,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23131"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4761"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29260"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/20248"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23131/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22544/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22385/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22671/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23155/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23340/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23351/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.3,
            "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
          },
          {
            "trust": 0.3,
            "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.2,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.2,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.2,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.2,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.2,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/mirror.html):"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/9986131"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/3069097"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
          },
          {
            "trust": 0.1,
            "url": "http://h30097.www3.hp.com/cma/patches.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2006-09-28T12:12:12",
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "date": "2007-01-13T22:56:30",
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "date": "2007-04-19T00:58:08",
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "date": "2006-10-04T00:46:38",
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-02-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2015-03-19T08:40:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200609-1247

    Vulnerability from variot - Updated: 2025-11-27 20:31

    OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

    1. Certain types of public key can take disproportionate amounts of time to process.

    Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

    Acknowledgements

    The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

    SSLv2 Client Crash (CVE-2006-4343)

    Vulnerability

    A flaw in the SSLv2 client code was discovered.

    Recommendations

    These vulnerabilities are resolved in the following versions of OpenSSL:

    • in the 0.9.7 branch, version 0.9.7l (or later);
    • in the 0.9.8 branch, version 0.9.8d (or later).

    OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

    o https://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/
    

    The distribution file names are:

    o openssl-0.9.8d.tar.gz
      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
    
    o openssl-0.9.7l.tar.gz
      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
    

    The checksums were calculated using the following commands:

    openssl md5 openssl-0.9*.tar.gz
    openssl sha1 openssl-0.9*.tar.gz
    

    After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files.
    
    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
    and earlier versions allows attackers to cause a denial of service
    (CPU consumption) via parasitic public keys with large (1) "public
    exponent" or (2) "public modulus" values in X.509 certificates that
    require extra time to process when using RSA signature verification.
    
    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems
    
    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).
    
    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.
    
    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.
    
    NOTE: ESX by default disables version 1 SSH protocol.
    
    NOTE: ESX doesn't use GSSAPI by default.
    
    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.
    
    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
    

    files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.
    
    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem
    
    A possible security issue with how the Python function repr()
    function handles UTF-32/UCS-4 strings.
    

    ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

    ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

    ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

    ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

    ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

    ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

    1. References:

    ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

    ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

    ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

    ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

    ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

    ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

    1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ~ VMware Security Advisory

    Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340


    1. Summary:

    ~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

    1. Relevant releases:

    ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

    1. Problem description:

    ~ a. Host to guest shared folder (HGFS) traversal vulnerability

    ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

    NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

    ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ b. Insecure named pipes

    ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

    ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

    ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

    ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ d. Updated OpenSSL library to address various security vulnerabilities

    ~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ e. VIX API default setting changed to a more secure default value

    ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

    ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

    ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

    ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

    ~ g. DHCP denial of service vulnerability

    ~ A potential denial of service issue affects DHCP service running ~ on the host.

    ~ VMware would like to thank Martin O'Neal for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

    ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

    ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

    ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

    ~ VMware would like to thank Sun Bing for reporting the issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

    ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

    ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

    ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    1. Solution:

    Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

    ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

    ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

    ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

    ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

    ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

    1. References:

    ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340


    1. Contact:

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

    E-mail: security@vmware.com

    Security web site http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2008 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00967144 Version: 1

    HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    References: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) VU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND)

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

    BACKGROUND

    RESOLUTION

    HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

    The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

    HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

    HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

    HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

    HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

    HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

    HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

    Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

    PRODUCT SPECIFIC INFORMATION

    The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

    Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

    Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

    The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.

    HISTORY Version:1 (rev.1) - 12 April 2007 Initial release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.


    References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline


    Gentoo Linux Security Advisory GLSA 200610-11


                                            http://security.gentoo.org/
    

    Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11


    Synopsis

    OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

    Background

    OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

    Workaround

    There is no known workaround at this time.

    Resolution

    All OpenSSL 0.9.8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
    

    All OpenSSL 0.9.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
    

    References

    [ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200610-11.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

    License

    Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1247",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.2.6-p1"
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.3.2-p1"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0 (x86-64)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (x86)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (x86)"
          },
          {
            "model": "turbolinux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10_f"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (hosting)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (workgroup)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "2.0"
          },
          {
            "model": "turbolinux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux fuji",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux multimedia",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10 (x64)"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "7"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "8"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "trendmicro interscan web security suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "1.1 solaris edition"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.23"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (ws)"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3.0"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4.0"
          },
          {
            "model": "linux advanced workstation",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1"
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/32"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.50"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "secure access control server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "bind a5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/2"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "karagulle cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.9"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "karagulle cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.10"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "bind a4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/31"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "operating system enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "amc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/6"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0.1"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.61"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.1"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "amc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/5"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "reflection for secure it sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "bind a3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "reflection for secure it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.1"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3)4.2"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "bind b3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.40"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "model": "red hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.5"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/2"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/4"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "bind b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.4"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/5"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.41"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "bind b2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "hat enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "bind a6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.42"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.400"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)4.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "ssl360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/3"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:isc:bind",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:openssl:openssl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_home",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-2937",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-2937",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-2937",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#247744",
                "trust": 0.8,
                "value": "0.28"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-2937",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-523",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00967144\nVersion: 1\n\nHPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nReferences: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) \nVU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND) \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. \n\nHISTORY \nVersion:1 (rev.1) - 12 April 2007 Initial release \n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          }
        ],
        "trust": 5.31
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 3.4
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937",
            "trust": 3.3
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744",
            "trust": 2.9
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "22083",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "20248",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22671",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23351",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23131",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4019",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4327",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-2396",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4329",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4761",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4980",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31531",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29260",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "SA06-333A",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "169663",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "56053",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "51324",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "id": "VAR-200609-1247",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.251886895
      },
      "last_update_date": "2025-11-27T20:31:39.445000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02174.html"
          },
          {
            "title": "BIND 9: OpenSSL Vulnerabilities",
            "trust": 0.8,
            "url": "http://www.niscc.gov.uk/niscc/docs/br-20061103-00745.html"
          },
          {
            "title": "openssl (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
          },
          {
            "title": "secadv_20060928",
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "https://rhn.redhat.com/errata/RHSA-2006-0695.html"
          },
          {
            "title": "102747",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "title": "102759",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
          },
          {
            "title": "102747",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-3"
          },
          {
            "title": "readme_iwss11_sol_patch7_b1182",
            "trust": 0.8,
            "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.com/security/2006/TLSA-2006-33.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2006-0695J.html"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.co.jp/security/2006/TLSA-2006-33j.txt"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.6,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.6,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.1,
            "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
          },
          {
            "trust": 2.1,
            "url": "http://www.kb.cert.org/vuls/id/247744"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/20248"
          },
          {
            "trust": 1.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.1,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23131"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4761"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29260"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.9,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23131/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22544/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22385/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22671/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23155/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23340/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23351/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
          },
          {
            "trust": 0.8,
            "url": "http://www.frsirt.com/english/advisories/2006/3820"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta06-333a"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2937"
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130/"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.3,
            "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
          },
          {
            "trust": 0.3,
            "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.2,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/"
          },
          {
            "trust": 0.1,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/mirror.html):"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/9986131"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/3069097"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ace/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/ws5.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/fusion/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
          },
          {
            "trust": 0.1,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.1,
            "url": "http://h30097.www3.hp.com/cma/patches.html"
          },
          {
            "trust": 0.1,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
          },
          {
            "trust": 0.1,
            "url": "http://pgp.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2006-09-28T12:12:12",
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "date": "2007-01-13T22:56:30",
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "date": "2008-03-19T02:18:56",
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "date": "2007-04-19T00:58:08",
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "date": "2006-10-04T01:20:54",
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "date": "2006-10-25T21:37:36",
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-02-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2015-03-19T08:40:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2008-12-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200609-1220

    Vulnerability from variot - Updated: 2025-11-26 22:15

    The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

    1. Certain types of public key can take disproportionate amounts of time to process.

    Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

    Acknowledgements

    The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

    SSLv2 Client Crash (CVE-2006-4343)

    Vulnerability

    A flaw in the SSLv2 client code was discovered.

    Recommendations

    These vulnerabilities are resolved in the following versions of OpenSSL:

    • in the 0.9.7 branch, version 0.9.7l (or later);
    • in the 0.9.8 branch, version 0.9.8d (or later).

    OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

    o https://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/
    

    The distribution file names are:

    o openssl-0.9.8d.tar.gz
      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
    
    o openssl-0.9.7l.tar.gz
      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
    

    The checksums were calculated using the following commands:

    openssl md5 openssl-0.9*.tar.gz
    openssl sha1 openssl-0.9*.tar.gz
    

    After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it.

    Update:

    There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files. OpenSSL library vulnerabilities:
    
    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
    allows remote attackers to cause a denial of service (infinite
    loop and memory consumption) via malformed ASN.1 structures that
    trigger an improperly handled error condition.
    
    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
    and earlier versions allows attackers to cause a denial of service
    (CPU consumption) via parasitic public keys with large (1) "public
    exponent" or (2) "public modulus" values in X.509 certificates that
    require extra time to process when using RSA signature verification.
    
    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems
    
    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).
    
    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.
    
    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.
    
    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
    SSH protocol, allows remote attackers to cause a denial of service
    (CPU consumption) via an SSH packet that contains duplicate blocks,
    which is not properly handled by the CRC compensation attack
    detector.
    
    NOTE: ESX by default disables version 1 SSH protocol.
    
    NOTE: ESX doesn't use GSSAPI by default.
    
    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.
    
    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
    

    files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.
    
    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem
    
    A possible security issue with how the Python function repr()
    function handles UTF-32/UCS-4 strings.
    

    ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

    ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

    ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

    ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

    ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

    ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

    1. References:

    ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

    ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

    ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

    ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

    ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

    ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

    1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ~ VMware Security Advisory

    Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340


    1. Summary:

    ~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

    1. Relevant releases:

    ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

    1. Problem description:

    ~ a. Host to guest shared folder (HGFS) traversal vulnerability

    ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

    NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

    ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ b. Insecure named pipes

    ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

    ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

    ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

    ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ d. Updated OpenSSL library to address various security vulnerabilities

    ~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ e. VIX API default setting changed to a more secure default value

    ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

    ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

    ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

    ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

    ~ g. DHCP denial of service vulnerability

    ~ A potential denial of service issue affects DHCP service running ~ on the host.

    ~ VMware would like to thank Martin O'Neal for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

    ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

    ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

    ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

    ~ VMware would like to thank Sun Bing for reporting the issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

    ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

    ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

    ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    1. Solution:

    Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

    ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

    ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

    ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

    ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

    ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

    1. References:

    ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340


    1. Contact:

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

    E-mail: security@vmware.com

    Security web site http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2008 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- .


    References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

    BACKGROUND

    RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1220",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "5.04"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "5.10"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "6.06"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar410v2"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar450s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar550s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar570s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar740"
          },
          {
            "model": "e-business suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "11.5.10cu2"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "9.2.0.8"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.1"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0 (x86-64)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (x86)"
          },
          {
            "model": "turbolinux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10_f"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (hosting)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (workgroup)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "2.0"
          },
          {
            "model": "turbolinux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux fuji",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux multimedia",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux personal",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10 (x64)"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "7"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "8"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "trendmicro interscan web security suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "1.1 solaris edition"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.23"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (ws)"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3.0"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4.0"
          },
          {
            "model": "linux advanced workstation",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1"
          },
          {
            "model": "fitelnet-f series",
            "scope": null,
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": null
          },
          {
            "model": "mucho series",
            "scope": null,
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "secure acs solution engine",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.10"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.9"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "ons",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "x8610.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.1"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "10.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.3"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.3"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "solaris 10 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "model": "linux openexchange server",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.42"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3(3.33)"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "secure acs for windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.50.3.45"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "40003.1.59.24"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "20003.1.59.24"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "ciscosecure acs appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1111"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.2"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "mds 9216i",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.1"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90002.0(0.86)"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4"
          },
          {
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8.10.2.65"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.5.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.6.1"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.2"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "hat enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "ciscosecure acs for windows and unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "9000"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:openssl:openssl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:allied_telesis_k.k.:centrecom",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:e-business_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:http_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_personal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_home",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:furukawa_electric:fitelnet-f",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:furukawa_electric:mucho",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-4343",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2006-4343",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-4343",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-4343",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-534",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          }
        ],
        "trust": 4.95
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-4343",
            "trust": 3.7
          },
          {
            "db": "BID",
            "id": "22083",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 2.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 2.9
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1973",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4443",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25420",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22791",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "EXPLOIT-DB",
            "id": "4773",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29263",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "SA06-333A",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "169663",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50543",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "id": "VAR-200609-1220",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.24822762333333337
      },
      "last_update_date": "2025-11-26T22:15:59.356000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Oracle Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02174.html"
          },
          {
            "title": "openssl (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
          },
          {
            "title": "openssl (V2.x)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1003"
          },
          {
            "title": "secadv_20060928",
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "https://rhn.redhat.com/errata/RHSA-2006-0695.html"
          },
          {
            "title": "102711",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "title": "readme_iwss11_sol_patch7_b1182",
            "trust": 0.8,
            "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.com/security/2006/TLSA-2006-33.txt"
          },
          {
            "title": "Oracle Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://otn.oracle.co.jp/security/070119_77/top.html"
          },
          {
            "title": "X.509\u8a3c\u660e\u66f8\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20071108.html"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2006-0695J.html"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.co.jp/security/2006/TLSA-2006-33j.txt"
          },
          {
            "title": "729618/NISCC/PARASITIC-KEYS",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/vulnerabilities/niscc729618.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-DesignError",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.6,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 2.1,
            "url": "http://www.kb.cert.org/vuls/id/386964"
          },
          {
            "trust": 1.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 1.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 1.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 1.2,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10207"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4356"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1973"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25420"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "trust": 1.0,
            "url": "https://www.exploit-db.com/exploits/4773"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4443"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29263"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22791"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
          },
          {
            "trust": 0.8,
            "url": "http://www.frsirt.com/english/advisories/2006/3820"
          },
          {
            "trust": 0.8,
            "url": "http://www.jpcert.or.jp/wr/2004/wr044501.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/niscc/niscc-729618/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta06-333a"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4343"
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130/"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.5,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.5,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.4,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.4,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.2,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.2,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.2,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.2,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/mirror.html):"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/9986131"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/3069097"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ace/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/ws5.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/fusion/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "http://pgp.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20246"
          },
          {
            "date": "2006-09-28T12:12:12",
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "date": "2006-10-04T00:47:19",
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "date": "2007-01-13T22:56:30",
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "date": "2008-03-19T02:18:56",
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "date": "2006-10-04T00:44:50",
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "date": "2006-10-04T01:20:54",
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "date": "2007-08-08T07:19:47",
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "date": "2006-10-04T00:46:38",
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2015-03-19T09:25:00",
            "db": "BID",
            "id": "20246"
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "date": "2008-12-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000595"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "design error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200609-1560

    Vulnerability from variot - Updated: 2025-11-25 21:23

    OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


    ~ VMware Security Advisory

    Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340


    1. Summary:

    ~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

    1. Relevant releases:

    ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

    1. Problem description:

    ~ a. Host to guest shared folder (HGFS) traversal vulnerability

    ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

    NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

    ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ b. Insecure named pipes

    ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

    ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

    ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

    ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ d. Updated OpenSSL library to address various security vulnerabilities

    ~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ e. VIX API default setting changed to a more secure default value

    ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

    ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

    ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

    ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

    ~ g. DHCP denial of service vulnerability

    ~ A potential denial of service issue affects DHCP service running ~ on the host.

    ~ VMware would like to thank Martin O'Neal for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

    ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

    ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

    ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

    ~ VMware would like to thank Sun Bing for reporting the issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

    ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

    ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

    ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    1. Solution:

    Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

    ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

    ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

    ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

    ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

    ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

    1. References:

    ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340


    1. Contact:

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

    E-mail: security@vmware.com

    Security web site http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2008 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00967144 Version: 1

    HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-04-12 Last Updated: 2007-04-12

    Potential Security Impact: Remote unauthenticated arbitrary code execution or Denial of Service (DoS)

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified on the Secure Sockets Layer (SSL) and BIND running on the HP Tru64 UNIX Operating System that may allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS).

    References: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) VU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND)

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

    BACKGROUND

    RESOLUTION

    HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

    The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

    HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

    HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

    HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

    HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

    HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

    HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

    Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

    PRODUCT SPECIFIC INFORMATION

    The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

    Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

    Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

    The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.

    HISTORY Version:1 (rev.1) - 12 April 2007 Initial release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. rPath Security Advisory: 2006-0175-1 Published: 2006-09-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

    BACKGROUND

    RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1560",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/32"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.50"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "secure access control server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "bind a5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/2"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "karagulle cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.9"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "karagulle cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.10"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "bind a4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/31"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "operating system enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "amc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/6"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0.1"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.61"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.1"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "amc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/5"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "reflection for secure it sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "bind a3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "reflection for secure it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.1"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3)4.2"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "bind b3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.40"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "model": "red hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.5"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/2"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/4"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "bind b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.4"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/5"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.41"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "bind b2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "hat enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "bind a6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.42"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.400"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)4.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "ssl360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/3"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-2937",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-2937",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-2937",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#247744",
                "trust": 0.8,
                "value": "0.28"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-523",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00967144\nVersion: 1\n\nHPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-04-12\nLast Updated: 2007-04-12\n\nPotential Security Impact: Remote unauthenticated arbitrary code execution or Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified on the Secure Sockets Layer (SSL) and BIND running on the HP Tru64 UNIX Operating System that may allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS). \n\nReferences: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) \nVU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND) \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. \n\nHISTORY \nVersion:1 (rev.1) - 12 April 2007 Initial release \n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. rPath Security Advisory: 2006-0175-1\nPublished: 2006-09-28\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          }
        ],
        "trust": 4.41
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "22083",
            "trust": 2.4
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937",
            "trust": 2.3
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22671",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23351",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23131",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "20248",
            "trust": 1.3
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4019",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4327",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-2396",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4329",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4761",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4980",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31531",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29260",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "56053",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "id": "VAR-200609-1560",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.251886895
      },
      "last_update_date": "2025-11-25T21:23:54.275000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.6,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.1,
            "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.kb.cert.org/vuls/id/247744"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.1,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23131"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4761"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29260"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/20248"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23131/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22544/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22385/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22671/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23155/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23340/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23351/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.3,
            "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
          },
          {
            "trust": 0.3,
            "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.2,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.2,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.2,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ace/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/ws5.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/fusion/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
          },
          {
            "trust": 0.1,
            "url": "http://h30097.www3.hp.com/cma/patches.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2008-03-19T02:18:56",
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "date": "2007-04-19T00:58:08",
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "date": "2006-10-04T00:44:50",
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "date": "2007-08-08T07:19:47",
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-02-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2015-03-19T08:40:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.8
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200110-0224

    Vulnerability from variot - Updated: 2025-11-24 23:15

    OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

    1. Certain types of public key can take disproportionate amounts of time to process.

    Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

    Acknowledgements

    The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

    SSLv2 Client Crash (CVE-2006-4343)

    Vulnerability

    A flaw in the SSLv2 client code was discovered.

    Recommendations

    These vulnerabilities are resolved in the following versions of OpenSSL:

    • in the 0.9.7 branch, version 0.9.7l (or later);
    • in the 0.9.8 branch, version 0.9.8d (or later).

    OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

    o https://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/
    

    The distribution file names are:

    o openssl-0.9.8d.tar.gz
      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
    
    o openssl-0.9.7l.tar.gz
      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
    

    The checksums were calculated using the following commands:

    openssl md5 openssl-0.9*.tar.gz
    openssl sha1 openssl-0.9*.tar.gz
    

    After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it.

    Update:

    There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files.
    
    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
    and earlier versions allows attackers to cause a denial of service
    (CPU consumption) via parasitic public keys with large (1) "public
    exponent" or (2) "public modulus" values in X.509 certificates that
    require extra time to process when using RSA signature verification.
    
    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems
    
    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).
    
    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.
    
    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.
    
    NOTE: ESX by default disables version 1 SSH protocol.
    
    NOTE: ESX doesn't use GSSAPI by default.
    
    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.
    
    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
    

    files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.
    
    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():
    
    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem
    
    A possible security issue with how the Python function repr()
    function handles UTF-32/UCS-4 strings.
    

    ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

    ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

    ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

    ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

    ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

    ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

    1. References:

    ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

    ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

    ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

    ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

    ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

    ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

    1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ~ VMware Security Advisory

    Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340


    1. Summary:

    ~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

    1. Relevant releases:

    ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

    1. Problem description:

    ~ a. Host to guest shared folder (HGFS) traversal vulnerability

    ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

    NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

    ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ b. Insecure named pipes

    ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

    ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

    ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

    ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ d. Updated OpenSSL library to address various security vulnerabilities

    ~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ e. VIX API default setting changed to a more secure default value

    ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

    ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

    ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

    ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

    ~ g. DHCP denial of service vulnerability

    ~ A potential denial of service issue affects DHCP service running ~ on the host.

    ~ VMware would like to thank Martin O'Neal for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

    ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

    ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

    ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

    ~ VMware would like to thank Sun Bing for reporting the issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

    ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

    ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

    ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    1. Solution:

    Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

    ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

    ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

    ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

    ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

    ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

    1. References:

    ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340


    1. Contact:

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

    E-mail: security@vmware.com

    Security web site http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2008 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00967144 Version: 1

    HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    References: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) VU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND)

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

    BACKGROUND

    RESOLUTION

    HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

    The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

    HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

    HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

    HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

    HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

    HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

    HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

    Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

    PRODUCT SPECIFIC INFORMATION

    The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

    Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

    Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

    The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.

    HISTORY Version:1 (rev.1) - 12 April 2007 Initial release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.


    References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline


    Gentoo Linux Security Advisory GLSA 200610-11


                                            http://security.gentoo.org/
    

    Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11


    Synopsis

    OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

    Background

    OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr.

    Workaround

    There is no known workaround at this time.

    Resolution

    All OpenSSL 0.9.8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
    

    All OpenSSL 0.9.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
    

    References

    [ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200610-11.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

    License

    Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0224",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/32"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.50"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "secure access control server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "bind a5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/2"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "karagulle cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.9"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "karagulle cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.10"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "bind a4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/31"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "operating system enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "amc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/6"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0.1"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.61"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.1"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "amc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/5"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "reflection for secure it sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "bind a3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "reflection for secure it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.1"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3)4.2"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "bind b3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.40"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "model": "red hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.5"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/2"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/4"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "bind b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.4"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/5"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.41"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "bind b2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "hat enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "bind a6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.42"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.400"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)4.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "ssl360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/3"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-2937",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-2937",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-2937",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#247744",
                "trust": 0.8,
                "value": "0.28"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-523",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00967144\nVersion: 1\n\nHPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nReferences: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) \nVU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND) \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. \n\nHISTORY \nVersion:1 (rev.1) - 12 April 2007 Initial release \n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          }
        ],
        "trust": 4.86
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 3.4
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937",
            "trust": 2.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "22083",
            "trust": 2.4
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22671",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23351",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23131",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "20248",
            "trust": 1.3
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4019",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4327",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-2396",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4329",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4761",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4980",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31531",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29260",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "169663",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50543",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "56053",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "51324",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "id": "VAR-200110-0224",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.251886895
      },
      "last_update_date": "2025-11-24T23:15:18.370000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.6,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.6,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.1,
            "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.kb.cert.org/vuls/id/247744"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.1,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.1,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23131"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4761"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29260"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/20248"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.9,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23131/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22544/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22385/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22671/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23155/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23340/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23351/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.6,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.6,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.6,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.5,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.3,
            "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
          },
          {
            "trust": 0.3,
            "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.3,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.3,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.2,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/mirror.html):"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/9986131"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/3069097"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ace/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/ws5.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/fusion/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
          },
          {
            "trust": 0.1,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.1,
            "url": "http://h30097.www3.hp.com/cma/patches.html"
          },
          {
            "trust": 0.1,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
          },
          {
            "trust": 0.1,
            "url": "http://pgp.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2006-09-28T12:12:12",
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "date": "2006-10-04T00:47:19",
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "date": "2007-01-13T22:56:30",
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "date": "2008-03-19T02:18:56",
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "date": "2007-04-19T00:58:08",
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "date": "2006-10-04T01:20:54",
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "date": "2006-10-25T21:37:36",
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "date": "2006-10-04T00:46:38",
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-02-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2015-03-19T08:40:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200609-1416

    Vulnerability from variot - Updated: 2025-11-24 22:25

    Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL Library utility functions 1 First, output a list of encryption algorithms used for communication as a readable character string. SSL_get_shared_ciphers() there is. SSL_get_shared_ciphers() There is a buffer overflow vulnerability in the processing of.OpenSSL Any code may be executed with the privileges of the application that uses it. Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users.

    Background

    OpenSSL is an implementation of the Secure Socket Layer and Transport Layer Security protocols.

    Affected packages

    -------------------------------------------------------------------
     Package           /   Vulnerable   /                   Unaffected
    -------------------------------------------------------------------
    

    1 dev-libs/openssl < 0.9.8e-r3 >= 0.9.8e-r3

    Description

    Moritz Jodeit reported an off-by-one error in the SSL_get_shared_ciphers() function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication. A local attacker could perform a side channel attack to retrieve the RSA private keys.

    Workaround

    There is no known workaround at this time.

    Resolution

    All OpenSSL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8e-r3"
    

    References

    [ 1 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 2 ] CVE-2007-3108 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108 [ 3 ] CVE-2007-5135 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200710-06.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

    License

    Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it.

    Update:

    There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


                   VMware Security Advisory
    

    Advisory ID: VMSA-2007-0001 Synopsis: VMware ESX server security updates Issue date: 2007-01-08 Updated on: 2007-01-08 CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-4980


    1. Summary:

    Updated ESX Patches address several security issues.

    1. Relevant releases:

    VMware ESX 3.0.1 without patch ESX-9986131 VMware ESX 3.0.0 without patch ESX-3069097

    VMware ESX 2.5.4 prior to upgrade patch 3 VMware ESX 2.5.3 prior to upgrade patch 6 VMware ESX 2.1.3 prior to upgrade patch 4 VMware ESX 2.0.2 prior to upgrade patch 4

    1. Problem description:

    Problems addressed by these patches:

    a. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue.
    

    b. OpenSSL library vulnerabilities:

    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
    allows remote attackers to cause a denial of service (infinite
    loop and memory consumption) via malformed ASN.1 structures that
    trigger an improperly handled error condition.
    
    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
    and earlier versions allows attackers to cause a denial of service
    (CPU consumption) via parasitic public keys with large (1) "public
    exponent" or (2) "public modulus" values in X.509 certificates that
    require extra time to process when using RSA signature verification.
    
    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
    CVE-2006-4339, and CVE-2006-4343 to these issues.
    

    c. Updated OpenSSH package addresses the following possible security issues:

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems
    
    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).
    
    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.
    
    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.
    
    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
    SSH protocol, allows remote attackers to cause a denial of service
    (CPU consumption) via an SSH packet that contains duplicate blocks,
    which is not properly handled by the CRC compensation attack
    detector.
    
    NOTE: ESX by default disables version 1 SSH protocol.
    
    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
    allows remote attackers to cause a denial of service (crash), and
    possibly execute arbitrary code if GSSAPI authentication is enabled,
    via unspecified vectors that lead to a double-free.
    
    NOTE: ESX doesn't use GSSAPI by default.
    
    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.
    
    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.
    

    d. Object reuse problems with newly created virtual disk (.vmdk or .dsk) files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.
    
    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w.
    

    e. Buffer overflow in Python function repr():

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem
    
    A possible security issue with how the Python function repr()
    function handles UTF-32/UCS-4 strings.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the name CVE-2006-4980 to this issue.
    
    1. Solution:

    Please review the Patch notes for your version of ESX and verify the md5sum.

    ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

    ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

    ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

    ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

    ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

    ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

    1. References:

    ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

    ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

    ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

    ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

    ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

    ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

    1. Contact:

    http://www.vmware.com/security

    VMware Security Response Policy http://www.vmware.com/vmtn/technology/security/security_response.html

    E-mail: security@vmware.com

    Copyright 2007 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE neFG0RikD74TCYeXKW6CBy4= =9/6k -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

    BACKGROUND

    RESOLUTION

    HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

    The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

    HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

    HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

    HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

    HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

    HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

    HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

    Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

    PRODUCT SPECIFIC INFORMATION

    The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

    Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

    Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

    The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. ASN.1 Denial of Service Attack (1/2)

     During the parsing of certain invalid ASN.1 structures an error
     condition is mishandled. This can result in an infinite loop which
     consumes system memory. ASN.1 Denial of Service Attack (2/2)
    
     Certain types of public key can take disproportionate amounts of
     time to process. This could be used by an attacker in a denial of
     service attack. SSL_get_shared_ciphers() Buffer Overflow
    
     A buffer overflow was discovered in the SSL_get_shared_ciphers()
     utility function. SSLv2 Client Crash
    
     A flaw in the SSLv2 client code was discovered.
    

    References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

    References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

    BACKGROUND

    RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1416",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "e-business suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "11.5.10cu2"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "9.2.0.8"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.1"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0 (x86-64)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (x86)"
          },
          {
            "model": "turbolinux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10_f"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (hosting)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (workgroup)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "2.0"
          },
          {
            "model": "turbolinux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux fuji",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux multimedia",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux personal",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10 (x64)"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "11"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "11 (x64)"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "7"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "8"
          },
          {
            "model": "wizpy",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "trendmicro interscan web security suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "1.1 solaris edition"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.23"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (ws)"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3.0"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4.0"
          },
          {
            "model": "linux advanced workstation",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "networks vpn router contivity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "-26000"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "secure acs solution engine",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.10"
          },
          {
            "model": "servercluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.9"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "networks meridian option 61c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "model": "systems management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7.168"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "ons",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "x8610.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.1"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "linux database server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "stonebeat fullcluster for raptor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "stonegate ips sensor and analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "stonebeat fullcluster for gauntlet",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1050"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "networks meridian option 51c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "10.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "aironet acs350 c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3502.6"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.3"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "stonebeat webcluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "6000"
          },
          {
            "model": "networks cs",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1000"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.5"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.1"
          },
          {
            "model": "fuji",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1.1"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "solaris 10 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "networks meridian option 81c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "model": "stonegate ips sensor and analyzer",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0.2"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "model": "linux openexchange server",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.4"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "networks self-service mps",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "5000"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.42"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "stonebeat fullcluster for firewall-1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9"
          },
          {
            "model": "stonebeat securitycluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "servercluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5.2"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3(3.33)"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "secure acs for windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "2700"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1740"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1010"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "stonegate ips sensor and analyzer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0.1"
          },
          {
            "model": "networks communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1000"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0.0x64"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.2"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.50.3.45"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "networks vpn router contivity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "-45000"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "networks vpn router contivity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "-46000"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "40003.1.59.24"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "17500"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3)4.2"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "1.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "20003.1.59.24"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "5000"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "ciscosecure acs appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1111"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.4"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.6"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "networks ip address domain manager",
            "scope": null,
            "trust": 0.3,
            "vendor": "nortel",
            "version": null
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "mds 9216i",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6.3"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "stonebeat fullcluster for raptor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0.8"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90002.0(0.86)"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8.10.2.65"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.5.1"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.6.1"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "stonebeat webcluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.0"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.2"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "networks meridian option 11c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1-0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0.1"
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1700"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "stonebeat fullcluster for firewall-1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "ciscosecure acs for windows and unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "stonebeat fullcluster for isa server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "3.0"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "9000"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "networks vpn router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "1100"
          },
          {
            "model": "stonebeat securitycluster",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.5"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "stonegate high availability firewall and vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "stonesoft",
            "version": "2.6"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)4.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "networks wlan access point",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nortel",
            "version": "7250.0"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:openssl:openssl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:e-business_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:http_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_personal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_wizpy",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_home",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tavis Ormandy taviso@gentoo.org Will Drewry wad@google.com",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-3738",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-3738",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-3738",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-3738",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-536",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL Library utility functions 1 First, output a list of encryption algorithms used for communication as a readable character string. SSL_get_shared_ciphers() there is. SSL_get_shared_ciphers() There is a buffer overflow vulnerability in the processing of.OpenSSL Any code may be executed with the privileges of the application that uses it. \nSuccessfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. \n\nBackground\n==========\n\nOpenSSL is an implementation of the Secure Socket Layer and Transport\nLayer Security protocols. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package           /   Vulnerable   /                   Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl      \u003c 0.9.8e-r3                    \u003e= 0.9.8e-r3\n\nDescription\n===========\n\nMoritz Jodeit reported an off-by-one error in the\nSSL_get_shared_ciphers() function, resulting from an incomplete fix of\nCVE-2006-3738. A flaw has also been reported in the\nBN_from_montgomery() function in crypto/bn/bn_mont.c when performing\nMontgomery multiplication. A local attacker could\nperform a side channel attack to retrieve the RSA private keys. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8e-r3\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 2 ] CVE-2007-3108\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108\n  [ 3 ] CVE-2007-5135\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200710-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2007-0001\nSynopsis:          VMware ESX server security updates\nIssue date:        2007-01-08\nUpdated on:        2007-01-08\nCVE:               CVE-2006-3589 CVE-2006-2937 CVE-2006-2940\n                   CVE-2006-3738 CVE-2006-4339 CVE-2006-4343\n                   CVE-2006-4980\n- -------------------------------------------------------------------\n\n1. Summary:\n\nUpdated ESX Patches address several security issues. \n\n2. Relevant releases:\n\nVMware ESX 3.0.1 without patch ESX-9986131\nVMware ESX 3.0.0 without patch ESX-3069097\n\nVMware ESX 2.5.4 prior to upgrade patch 3\nVMware ESX 2.5.3 prior to upgrade patch 6\nVMware ESX 2.1.3 prior to upgrade patch 4\nVMware ESX 2.0.2 prior to upgrade patch 4\n\n3. Problem description:\n\nProblems addressed by these patches:\n\na. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. The Common Vulnerabilities and Exposures project\n    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue. \n\nb. OpenSSL library vulnerabilities:\n\n    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d\n    allows remote attackers to cause a denial of service (infinite\n    loop and memory consumption) via malformed ASN.1 structures that\n    trigger an improperly handled error condition. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,\n    CVE-2006-4339, and CVE-2006-4343 to these issues. \n\nc. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1\n    SSH protocol, allows remote attackers to cause a denial of service\n    (CPU consumption) via an SSH packet that contains duplicate blocks,\n    which is not properly handled by the CRC compensation attack\n    detector. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4\n    allows remote attackers to cause a denial of service (crash), and\n    possibly execute arbitrary code if GSSAPI authentication is enabled,\n    via unspecified vectors that lead to a double-free. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,\n    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues. \n\nd. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. \n\ne. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the name CVE-2006-4980 to this issue. \n\n4. Solution:\n\nPlease review the Patch notes for your version of ESX and verify the md5sum. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. Contact:\n\nhttp://www.vmware.com/security\n\nVMware Security Response Policy\nhttp://www.vmware.com/vmtn/technology/security/security_response.html\n\nE-mail:  security@vmware.com\n\nCopyright 2007 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE\nneFG0RikD74TCYeXKW6CBy4=\n=9/6k\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. ASN.1 Denial of Service Attack (1/2)\n\n     During the parsing of certain invalid ASN.1 structures an error\n     condition is mishandled. This can result in an infinite loop which\n     consumes system memory. ASN.1 Denial of Service Attack (2/2)\n\n     Certain types of public key can take disproportionate amounts of\n     time to process. This could be used by an attacker in a denial of\n     service attack. SSL_get_shared_ciphers() Buffer Overflow\n\n     A buffer overflow was discovered in the SSL_get_shared_ciphers()\n     utility function. SSLv2 Client Crash\n \n     A flaw in the SSLv2 client code was discovered. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nReferences: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "PACKETSTORM",
            "id": "59899"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          }
        ],
        "trust": 4.95
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-3738",
            "trust": 3.7
          },
          {
            "db": "BID",
            "id": "22083",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 2.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 2.9
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "30161",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22654",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22633",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22791",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4314",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4443",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29262",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "SA06-333A",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "TA07-017A",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "59899",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50543",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "56053",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "PACKETSTORM",
            "id": "59899"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "id": "VAR-200609-1416",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.28107159000000004
      },
      "last_update_date": "2025-11-24T22:25:19.396000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02174.html"
          },
          {
            "title": "openssl (V2.x)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1003"
          },
          {
            "title": "openssl (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
          },
          {
            "title": "secadv_20060928",
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "https://rhn.redhat.com/errata/RHSA-2006-0695.html"
          },
          {
            "title": "102711",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "title": "readme_iwss11_sol_patch7_b1182",
            "trust": 0.8,
            "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.com/security/2006/TLSA-2006-33.txt"
          },
          {
            "title": "TLSA-2007-52",
            "trust": 0.8,
            "url": "http://www.turbolinux.com/security/2007/TLSA-2007-52.txt"
          },
          {
            "title": "Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://otn.oracle.co.jp/security/070119_77/top.html"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2006-0695J.html"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.co.jp/security/2006/TLSA-2006-33j.txt"
          },
          {
            "title": "TLSA-2007-52",
            "trust": 0.8,
            "url": "http://www.turbolinux.co.jp/security/2007/TLSA-2007-52j.txt"
          },
          {
            "title": "vu386964-547300",
            "trust": 0.8,
            "url": "http://software.fujitsu.com/jp/security/vulnerabilities/vu386964-547300.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.7,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.1,
            "url": "http://www.kb.cert.org/vuls/id/547300"
          },
          {
            "trust": 1.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/20249"
          },
          {
            "trust": 1.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 1.2,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4256"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22654"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22633"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/470460/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29237"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9370"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4314"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4443"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29262"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30161"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
          },
          {
            "trust": 1.0,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www130.nortelnetworks.com/go/main.jsp?cscat=bltndetail\u0026documentoid=498093\u0026renditionid=\u0026poid=8881"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22791"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.8,
            "url": "http://www.frsirt.com/english/advisories/2006/3820"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta07-017a/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta06-333a"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta07-017a"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3738"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130/"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta07-017a.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.4,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.4,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.stonesoft.com/en/support/security_advisories/2909_2006.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "/archive/1/481217"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www116.nortelnetworks.com/pub/repository/clarify/document/2006/44/021420-01.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.3,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.2,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.1,
            "url": "http://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5135"
          },
          {
            "trust": 0.1,
            "url": "http://enigmail.mozdev.org"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5135"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3108"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-3108"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/glsa/glsa-200710-06.xml"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/9986131"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/3069097"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
          },
          {
            "trust": 0.1,
            "url": "http://h30097.www3.hp.com/cma/patches.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
          },
          {
            "trust": 0.1,
            "url": "http://pgp.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "PACKETSTORM",
            "id": "59899"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20249"
          },
          {
            "db": "PACKETSTORM",
            "id": "59899"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20249"
          },
          {
            "date": "2007-10-09T00:39:04",
            "db": "PACKETSTORM",
            "id": "59899"
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "date": "2006-10-04T00:47:19",
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "date": "2007-01-13T22:56:30",
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "date": "2007-04-19T00:58:08",
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "date": "2006-10-04T00:44:50",
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "date": "2006-10-04T01:20:54",
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "date": "2007-08-08T07:19:47",
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "date": "2006-10-04T00:46:38",
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-536"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2011-05-09T19:52:00",
            "db": "BID",
            "id": "20249"
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-536"
          },
          {
            "date": "2008-12-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000594"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-3738"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536"
          }
        ],
        "trust": 0.8
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-536"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200609-1205

    Vulnerability from variot - Updated: 2025-11-23 21:48

    OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


    ~ VMware Security Advisory

    Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340


    1. Summary:

    ~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

    1. Relevant releases:

    ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

    1. Problem description:

    ~ a. Host to guest shared folder (HGFS) traversal vulnerability

    ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

    NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

    ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ b. Insecure named pipes

    ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

    ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

    ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

    ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ d. Updated OpenSSL library to address various security vulnerabilities

    ~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ e. VIX API default setting changed to a more secure default value

    ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

    ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

    ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

    ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

    ~ g. DHCP denial of service vulnerability

    ~ A potential denial of service issue affects DHCP service running ~ on the host.

    ~ VMware would like to thank Martin O'Neal for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

    ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

    ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

    ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

    ~ VMware would like to thank Sun Bing for reporting the issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

    ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

    ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

    ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    1. Solution:

    Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

    ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

    ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

    ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

    ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

    ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

    1. References:

    ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340


    1. Contact:

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

    E-mail: security@vmware.com

    Security web site http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2008 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

    BACKGROUND

    RESOLUTION

    HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

    The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

    HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

    HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

    HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

    HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

    HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

    HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

    Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

    PRODUCT SPECIFIC INFORMATION

    The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

    Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

    Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

    The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. rPath Security Advisory: 2006-0175-1 Published: 2006-09-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ASN.1 Denial of Service Attack (2/2)

     Certain types of public key can take disproportionate amounts of
     time to process. SSL_get_shared_ciphers() Buffer Overflow
    
     A buffer overflow was discovered in the SSL_get_shared_ciphers()
     utility function. An attacker could send a list of ciphers to an
     application that uses this function and overrun a buffer. SSLv2 Client Crash
    
     A flaw in the SSLv2 client code was discovered.
    

    References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has made the following software updates available to resolve these vulnerabilities.

    Kit Name Location

    HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

    BACKGROUND

    RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. (CVE-2006-4343)

    Updated packages are patched to address these issues.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

    Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

    Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

    Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

    Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1205",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.2.6-p1"
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.3.2-p1"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0 (x86-64)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (x86)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (x86)"
          },
          {
            "model": "turbolinux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10_f"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (hosting)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (workgroup)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "2.0"
          },
          {
            "model": "turbolinux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux fuji",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux multimedia",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10 (x64)"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "7"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "8"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "trendmicro interscan web security suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "1.1 solaris edition"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.23"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (ws)"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3.0"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4.0"
          },
          {
            "model": "linux advanced workstation",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1"
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/32"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.50"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "secure access control server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "bind a5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/2"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "karagulle cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.9"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "karagulle cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.10"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "bind a4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/31"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "operating system enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "amc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/6"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0.1"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.61"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.1"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "amc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/5"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "reflection for secure it sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "bind a3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "reflection for secure it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.1"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3)4.2"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "bind b3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.40"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "model": "red hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.5"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/2"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/4"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "bind b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.4"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/5"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.41"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "bind b2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "hat enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "bind a6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.42"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.400"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)4.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "ssl360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/3"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:isc:bind",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:openssl:openssl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_home",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-2937",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-2937",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-2937",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#247744",
                "trust": 0.8,
                "value": "0.28"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-2937",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-523",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. rPath Security Advisory: 2006-0175-1\nPublished: 2006-09-28\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ASN.1 Denial of Service Attack (2/2)\n\n     Certain types of public key can take disproportionate amounts of\n     time to process. SSL_get_shared_ciphers() Buffer Overflow\n\n     A buffer overflow was discovered in the SSL_get_shared_ciphers()\n     utility function. An attacker could send a list of ciphers to an\n     application that uses this function and overrun a buffer. SSLv2 Client Crash\n \n     A flaw in the SSLv2 client code was discovered. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          }
        ],
        "trust": 5.49
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-2937",
            "trust": 3.5
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 3.4
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744",
            "trust": 2.9
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "22083",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "20248",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22671",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23351",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23131",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4019",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4327",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-2396",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4329",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4761",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4980",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31531",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29260",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "SA06-333A",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "56053",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "101257",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "id": "VAR-200609-1205",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.251886895
      },
      "last_update_date": "2025-11-23T21:48:25.347000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02174.html"
          },
          {
            "title": "BIND 9: OpenSSL Vulnerabilities",
            "trust": 0.8,
            "url": "http://www.niscc.gov.uk/niscc/docs/br-20061103-00745.html"
          },
          {
            "title": "openssl (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
          },
          {
            "title": "secadv_20060928",
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "https://rhn.redhat.com/errata/RHSA-2006-0695.html"
          },
          {
            "title": "102747",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "title": "102759",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
          },
          {
            "title": "102747",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-3"
          },
          {
            "title": "readme_iwss11_sol_patch7_b1182",
            "trust": 0.8,
            "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.com/security/2006/TLSA-2006-33.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2006-0695J.html"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.co.jp/security/2006/TLSA-2006-33j.txt"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.6,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.1,
            "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
          },
          {
            "trust": 2.1,
            "url": "http://www.kb.cert.org/vuls/id/247744"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/20248"
          },
          {
            "trust": 1.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 1.1,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23131"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4761"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29260"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.9,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23131/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22544/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22385/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22671/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23155/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23340/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23351/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
          },
          {
            "trust": 0.8,
            "url": "http://www.frsirt.com/english/advisories/2006/3820"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta06-333a"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2937"
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130/"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.4,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.4,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.4,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
          },
          {
            "trust": 0.3,
            "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ace/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/ws5.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/fusion/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
          },
          {
            "trust": 0.1,
            "url": "http://h30097.www3.hp.com/cma/patches.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://pgp.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2008-03-19T02:18:56",
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "date": "2007-04-19T00:58:08",
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "date": "2006-10-04T00:44:50",
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "date": "2006-10-04T01:20:54",
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "date": "2011-05-10T00:45:11",
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "date": "2007-08-08T07:19:47",
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "date": "2006-10-04T00:46:38",
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-02-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2015-03-19T08:40:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2008-12-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000592"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.8
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200609-1521

    Vulnerability from variot - Updated: 2025-11-22 21:53

    The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Henson recently developed an ASN.1 test suite for NISCC (www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error condition is mishandled. (This issue did not affect OpenSSL versions prior to 0.9.7)

    1. Certain types of public key can take disproportionate amounts of time to process.

    Any code which uses OpenSSL to parse ASN.1 data from untrusted sources is affected. This includes SSL servers which enable client authentication and S/MIME applications.

    Acknowledgements

    The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer (CVE-2006-3738).

    SSLv2 Client Crash (CVE-2006-4343)

    Vulnerability

    A flaw in the SSLv2 client code was discovered.

    Recommendations

    These vulnerabilities are resolved in the following versions of OpenSSL:

    • in the 0.9.7 branch, version 0.9.7l (or later);
    • in the 0.9.8 branch, version 0.9.8d (or later).

    OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under https://www.openssl.org/source/mirror.html):

    o https://www.openssl.org/source/
    o ftp://ftp.openssl.org/source/
    

    The distribution file names are:

    o openssl-0.9.8d.tar.gz
      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
    
    o openssl-0.9.7l.tar.gz
      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
    

    The checksums were calculated using the following commands:

    openssl md5 openssl-0.9*.tar.gz
    openssl sha1 openssl-0.9*.tar.gz
    

    After upgrading make sure to recompile any applications statically linked to OpenSSL libraries and restart all applications that use OpenSSL.

    References

    URL for this Security Advisory: https://www.openssl.org/news/secadv_20060928.txt . rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


    Mandriva Linux Security Advisory MDKSA-2006:172-1 http://www.mandriva.com/security/


    Package : openssl Date : October 2, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0


    Problem Description:

    Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). (CVE-2006-4343)

    Updated packages are patched to address these issues.

    Update:

    There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


    ~ VMware Security Advisory

    Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340


    1. Summary:

    ~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

    1. Relevant releases:

    ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

    1. Problem description:

    ~ a. Host to guest shared folder (HGFS) traversal vulnerability

    ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

    NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

    ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ b. Insecure named pipes

    ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

    ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

    ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

    ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ d. Updated OpenSSL library to address various security vulnerabilities

    ~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ e. VIX API default setting changed to a more secure default value

    ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

    ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

    ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

    ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

    ~ g. DHCP denial of service vulnerability

    ~ A potential denial of service issue affects DHCP service running ~ on the host.

    ~ VMware would like to thank Martin O'Neal for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

    ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

    ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

    ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

    ~ VMware would like to thank Sun Bing for reporting the issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

    ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

    ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

    ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    1. Solution:

    Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

    ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

    ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

    ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

    ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

    ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

    1. References:

    ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340


    1. Contact:

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

    E-mail: security@vmware.com

    Security web site http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2008 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has made the following software updates available to resolve these vulnerabilities.

    Kit Name Location

    HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

    BACKGROUND

    RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1521",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "5.04"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "5.10"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ubuntu linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "canonical",
            "version": "6.06"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "secure acs solution engine",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.10"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cwrsync",
            "version": "2.0.9"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "ons",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "x8610.0"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.1"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "solaris data encryption kit",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "10.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.3"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.3"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "solaris 10 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "model": "linux openexchange server",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.42"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90001.3(3.33)"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "secure acs for windows server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.50.3.45"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "40003.1.59.24"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "series airespace wireless lan controller",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "20003.1.59.24"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "ciscosecure acs appliance",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1111"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.6.4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.2"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "mds 9216i",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.1"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "90002.0(0.86)"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4"
          },
          {
            "model": "css11500 content services switch",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "8.10.2.65"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.4"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.5"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.5.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "secure acs for unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3.6.1"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "secure acs solution engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3.2"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "secure acs for windows nt",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "hat enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "ciscosecure acs for windows and unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "9000"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-4343",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2006-4343",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-4343",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-534",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Henson recently developed an ASN.1 test suite for NISCC\n(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error\ncondition is mishandled.  (This issue did not affect\nOpenSSL versions prior to 0.9.7)\n\n2. Certain types of public key can take disproportionate amounts of\ntime to process. \n\nAny code which uses OpenSSL to parse ASN.1 data from untrusted sources\nis affected. This includes SSL servers which enable client\nauthentication and S/MIME applications. \n\nAcknowledgements\n----------------\n\nThe OpenSSL team thank Dr S. Henson of Open Network Security and NISCC\nfor funding the ASN.1 test suite project.  An attacker could send a list of ciphers to an\napplication that uses this function and overrun a buffer\n(CVE-2006-3738). \n\n\nSSLv2 Client Crash (CVE-2006-4343)\n==================================\n\nVulnerability\n-------------\n\nA flaw in the SSLv2 client code was discovered. \n\n\nRecommendations\n===============\n\nThese vulnerabilities are resolved in the following versions of OpenSSL:\n\n   - in the 0.9.7 branch, version 0.9.7l (or later);\n   - in the 0.9.8 branch, version 0.9.8d (or later). \n\nOpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via\nHTTP and FTP from the following master locations (you can find the\nvarious FTP mirrors under https://www.openssl.org/source/mirror.html):\n\n    o https://www.openssl.org/source/\n    o ftp://ftp.openssl.org/source/\n\nThe distribution file names are:\n\n    o openssl-0.9.8d.tar.gz\n      MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa\n      SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2\n\n    o openssl-0.9.7l.tar.gz\n      MD5 checksum: b21d6e10817ddeccf5fbe1379987333e\n      SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d\n    \nThe checksums were calculated using the following commands:\n\n    openssl md5 openssl-0.9*.tar.gz\n    openssl sha1 openssl-0.9*.tar.gz\n\nAfter upgrading make sure to recompile any applications statically\nlinked to OpenSSL libraries and restart all applications that use\nOpenSSL. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20060928.txt\n. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n \n Mandriva Linux Security Advisory                       MDKSA-2006:172-1\n http://www.mandriva.com/security/\n _______________________________________________________________________\n \n Package : openssl\n Date    : October 2, 2006\n Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,\n           Multi Network Firewall 2.0\n _______________________________________________________________________\n \n Problem Description:\n \n Dr S N Henson of the OpenSSL core team and Open Network Security\n recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          }
        ],
        "trust": 4.14
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "22083",
            "trust": 3.4
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343",
            "trust": 2.8
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 2.1
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1973",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4443",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25420",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22791",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "EXPLOIT-DB",
            "id": "4773",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29263",
            "trust": 1.0
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "169663",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50543",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "101257",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "id": "VAR-200609-1521",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.24822762333333337
      },
      "last_update_date": "2025-11-22T21:53:11.486000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-476",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.7,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 1.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 1.3,
            "url": "http://www.kb.cert.org/vuls/id/386964"
          },
          {
            "trust": 1.2,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10207"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a4356"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1973"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25420"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1"
          },
          {
            "trust": 1.0,
            "url": "https://www.exploit-db.com/exploits/4773"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29240"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201531-1"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4443"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29263"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22791"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.itefix.no/phpws/index.php?module=announce\u0026ann_user_op=view\u0026ann_id=80"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102711-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.3,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.3,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.3,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/"
          },
          {
            "trust": 0.1,
            "url": "https://www.openssl.org/source/mirror.html):"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ace/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/ws5.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/fusion/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20246"
          },
          {
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20246"
          },
          {
            "date": "2006-09-28T12:12:12",
            "db": "PACKETSTORM",
            "id": "169663"
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "date": "2006-10-04T00:47:19",
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "date": "2008-03-19T02:18:56",
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "date": "2006-10-04T00:44:50",
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "date": "2011-05-10T00:45:11",
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "date": "2007-08-08T07:19:47",
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "date": "2006-10-04T00:46:38",
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2015-03-19T09:25:00",
            "db": "BID",
            "id": "20246"
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-4343"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "design error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-534"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200609-1261

    Vulnerability from variot - Updated: 2025-11-22 21:51

    OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it. (CVE-2006-4343)

    Updated packages are patched to address these issues.

    Update:

    There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

    BACKGROUND

    RESOLUTION

    HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

    The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

    HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

    HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

    HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

    HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

    HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

    HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

    Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

    PRODUCT SPECIFIC INFORMATION

    The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

    Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

    Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

    The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. ASN.1 Denial of Service Attack (1/2)

     During the parsing of certain invalid ASN.1 structures an error
     condition is mishandled. ASN.1 Denial of Service Attack (2/2)
    
     Certain types of public key can take disproportionate amounts of
     time to process. SSL_get_shared_ciphers() Buffer Overflow
    
     A buffer overflow was discovered in the SSL_get_shared_ciphers()
     utility function. An attacker could send a list of ciphers to an
     application that uses this function and overrun a buffer. SSLv2 Client Crash
    
     A flaw in the SSLv2 client code was discovered.
    

    References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

    BACKGROUND

    RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline


    Gentoo Linux Security Advisory GLSA 200610-11


                                            http://security.gentoo.org/
    

    Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11


    Synopsis

    OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

    Background

    OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N.

    Workaround

    There is no known workaround at this time.

    Resolution

    All OpenSSL 0.9.8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
    

    All OpenSSL 0.9.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
    

    References

    [ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200610-11.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

    License

    Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


    ~ VMware Security Advisory

    Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340


    1. Relevant releases:

    ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

    1. Problem description:

    ~ a. Host to guest shared folder (HGFS) traversal vulnerability

    ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

    NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

    ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ b. Insecure named pipes

    ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

    ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

    ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

    ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ d. Updated OpenSSL library to address various security vulnerabilities

    ~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ e. VIX API default setting changed to a more secure default value

    ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

    ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

    ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

    ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

    ~ g. DHCP denial of service vulnerability

    ~ A potential denial of service issue affects DHCP service running ~ on the host.

    ~ VMware would like to thank Martin O'Neal for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

    ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

    ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

    ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

    ~ VMware would like to thank Sun Bing for reporting the issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

    ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

    ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption.

    ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    1. Solution:

    Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

    ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

    ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

    ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

    ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

    ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

    1. References:

    ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340


    1. Contact:

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

    E-mail: security@vmware.com

    Security web site http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2008 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE-----

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1261",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6l"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.5a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.1c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6m"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.3a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.2b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6d"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.2.6-p1"
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.3.2-p1"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar410v2"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar450s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar550s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar570s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar740"
          },
          {
            "model": "e-business suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "11.5.10cu2"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "9.2.0.8"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.1"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0 (x86-64)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (x86)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (x86)"
          },
          {
            "model": "turbolinux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10_f"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (hosting)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (workgroup)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "2.0"
          },
          {
            "model": "turbolinux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux fuji",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux multimedia",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux personal",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10 (x64)"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "7"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "8"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "trendmicro interscan web security suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "1.1 solaris edition"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.23"
          },
          {
            "model": "ridoc document router",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "pro v2"
          },
          {
            "model": "ridoc document router",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v3"
          },
          {
            "model": "ridoc document router",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v4"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "ep v1"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "ep v2"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v1 type h"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v2 type h"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v3"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v3 ad"
          },
          {
            "model": "ridoc document system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "image log options  v1"
          },
          {
            "model": "ridoc io operationserver",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "pro"
          },
          {
            "model": "ridoc io operationserver",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "device operation management utility"
          },
          {
            "model": "ridoc print linkage",
            "scope": null,
            "trust": 0.8,
            "vendor": "ricoh",
            "version": null
          },
          {
            "model": "ridoc web navigator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v2"
          },
          {
            "model": "ridoc web navigator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v3"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (ws)"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3.0"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4.0"
          },
          {
            "model": "linux advanced workstation",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1"
          },
          {
            "model": "fitelnet-f series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": "fitelnet-f3000"
          },
          {
            "model": "fitelnet-f series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": "fitelnet-f40"
          },
          {
            "model": "fitelnet-f series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": "fitelnet-f80/f100/f120/f1000"
          },
          {
            "model": "mucho series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": "mucho-ev/pk"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/32"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "secure access control server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "bind a5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/2"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "karagulle cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.9"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "karagulle cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.10"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "bind a4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/31"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "operating system enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "igateway vpn/ssl-vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intoto",
            "version": "0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "amc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/6"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0.1"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.1"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "amc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/5"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "reflection for secure it sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "bind a3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "reflection for secure it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.1"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "bind b3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "red hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ons",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.5"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.2"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/2"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.1"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/4"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "bind b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.4"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/5"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "bind b2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "bind a6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "intrusion detection system 4.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ssl360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/3"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.48"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.47"
          },
          {
            "model": "peoplesoft enterprise peopletools",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.22"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i standard edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i personal edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.7.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.6.0"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0.5"
          },
          {
            "model": "oracle9i enterprise edition fips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.5"
          },
          {
            "model": "oracle9i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1.4"
          },
          {
            "model": "oracle8i standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7.4"
          },
          {
            "model": "oracle8i enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7.4.0"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4.2"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.5"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g standard edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g personal edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.3"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.2"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.4"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3.1"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.3"
          },
          {
            "model": "oracle10g enterprise edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.0.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.4.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3.0.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.2.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.1.0"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.1"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.2"
          },
          {
            "model": "oracle10g application server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.1"
          },
          {
            "model": "identity management 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4.0.1"
          },
          {
            "model": "9i application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0.2.2"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.2.1"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.5"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.4"
          },
          {
            "model": "enterprise manager grid control 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.3"
          },
          {
            "model": "e-business suite 11i cu2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.10"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.10"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.9"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.8"
          },
          {
            "model": "e-business suite 11i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.5.7"
          },
          {
            "model": "e-business suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "11.0"
          },
          {
            "model": "developer suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "10.1.2.0.2"
          },
          {
            "model": "developer suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.3"
          },
          {
            "model": "developer suite 6i",
            "scope": null,
            "trust": 0.3,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.2"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.1"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "210.1.2.0.0"
          },
          {
            "model": "application server release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "29.0.2.3"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.3"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.2"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4.1"
          },
          {
            "model": "application server 10g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.4"
          },
          {
            "model": "oracle for openview for linux ltu",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "0"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.1.1"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "8.1.7"
          },
          {
            "model": "oracle for openview",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "9.2"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.11"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.11"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.10"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:isc:bind",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:openssl:openssl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:allied_telesis_k.k.:centrecom",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:e-business_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:http_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_personal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_home",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_document_router",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_document_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_document_system",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_io_operationserver",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_print_linkage",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_web_navigator",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:furukawa_electric:fitelnet-f",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:furukawa_electric:mucho",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor credits Dr S. N. Henson of Open Network Security with the discovery of this vulnerability.",
        "sources": [
          {
            "db": "BID",
            "id": "20247"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2006-2940",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-2940",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-2940",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#221788",
                "trust": 0.8,
                "value": "4.20"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-2940",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. \nThe issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. ASN.1 Denial of Service Attack (1/2)\n\n     During the parsing of certain invalid ASN.1 structures an error\n     condition is mishandled. ASN.1 Denial of Service Attack (2/2)\n\n     Certain types of public key can take disproportionate amounts of\n     time to process. SSL_get_shared_ciphers() Buffer Overflow\n\n     A buffer overflow was discovered in the SSL_get_shared_ciphers()\n     utility function. An attacker could send a list of ciphers to an\n     application that uses this function and overrun a buffer. SSLv2 Client Crash\n \n     A flaw in the SSLv2 client code was discovered. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g.  DHCP denial of service vulnerability\n\n~     A potential denial of service issue affects DHCP service running\n~     on the host. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface.  This may result in denial\n~     of service via memory exhaustion and memory corruption. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          }
        ],
        "trust": 5.85
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "22083",
            "trust": 3.7
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940",
            "trust": 3.3
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "20247",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788",
            "trust": 1.1
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4019",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4327",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-2396",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4329",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4980",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31531",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23351",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22671",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26893",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29261",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#423396",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "SA06-333A",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "TA07-017A",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50543",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "56053",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "51324",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "id": "VAR-200609-1261",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.251886895
      },
      "last_update_date": "2025-11-22T21:51:12.186000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "title": "RSA \u516c\u958b\u9375\u306b\u3088\u308b\u8106\u5f31\u6027\uff08Parasitic Public Key\uff09\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.furukawa.co.jp/fitelnet/topic/x509b_attacks.html"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02174.html"
          },
          {
            "title": "BIND 9: OpenSSL Vulnerabilities",
            "trust": 0.8,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445"
          },
          {
            "title": "openssl (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
          },
          {
            "title": "openssl096b (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=460"
          },
          {
            "title": "openssl (V2.x)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1003"
          },
          {
            "title": "secadv_20060928",
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "https://rhn.redhat.com/errata/RHSA-2006-0695.html"
          },
          {
            "title": "102759",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
          },
          {
            "title": "102747",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "title": "readme_iwss11_sol_patch7_b1182",
            "trust": 0.8,
            "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.com/security/2006/TLSA-2006-33.txt"
          },
          {
            "title": "Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://otn.oracle.co.jp/security/070119_77/top.html"
          },
          {
            "title": "X.509\u8a3c\u660e\u66f8\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20071108.html"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2006-0695J.html"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.co.jp/security/2006/TLSA-2006-33j.txt"
          },
          {
            "title": "NISCC-729618",
            "trust": 0.8,
            "url": "http://www.ricoh.co.jp/ridoc_ds/rds/download/Ridoc_DoS.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.7,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 1.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/20247"
          },
          {
            "trust": 1.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 1.6,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 1.4,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.2,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.2,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 1.1,
            "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2007.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.1,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "https://issues.rpath.com/browse/rpl-1633"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 1.0,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10311"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26893"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29261"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
          },
          {
            "trust": 0.8,
            "url": "http://www.frsirt.com/english/advisories/2006/3820"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/niscc/niscc-729618/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta07-017a/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta07-017a"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta06-333a"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2940"
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130/"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta07-017a.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/423396"
          },
          {
            "trust": 0.6,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.3,
            "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
          },
          {
            "trust": 0.3,
            "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.red-database-security.com/advisory/oracle_xmldb_css2.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.integrigy.com/security-resources/analysis/oracle-cpu-january-2007/view"
          },
          {
            "trust": 0.3,
            "url": "http://www.integrigy.com/security-resources/analysis/cpu-january-2007-tech-matrix/view"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/index.html"
          },
          {
            "trust": 0.3,
            "url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4092"
          },
          {
            "trust": 0.3,
            "url": "http://www.kb.cert.org/vuls/id/221788"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/457193"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/464470"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458657"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458036"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458006"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458037"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458005"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458041"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458038"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/458475"
          },
          {
            "trust": 0.3,
            "url": "http://docs.info.apple.com/article.html?artnum=307177"
          },
          {
            "trust": 0.3,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.3,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.3,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.3,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ace/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/ws5.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/fusion/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
          },
          {
            "trust": 0.1,
            "url": "http://h30097.www3.hp.com/cma/patches.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
          },
          {
            "trust": 0.1,
            "url": "http://pgp.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
          },
          {
            "trust": 0.1,
            "url": "http://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-01-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20247"
          },
          {
            "date": "2007-01-16T00:00:00",
            "db": "BID",
            "id": "22083"
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "date": "2006-10-04T00:47:19",
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "date": "2008-03-19T02:18:56",
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "date": "2007-04-19T00:58:08",
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "date": "2006-10-04T00:44:50",
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "date": "2006-10-04T01:20:54",
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "date": "2007-08-08T07:19:47",
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "date": "2006-10-25T21:37:36",
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-01-17T00:00:00",
            "db": "CERT/CC",
            "id": "VU#221788"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2011-05-09T19:53:00",
            "db": "BID",
            "id": "20247"
          },
          {
            "date": "2008-05-20T23:05:00",
            "db": "BID",
            "id": "22083"
          },
          {
            "date": "2008-12-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "network",
        "sources": [
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "BID",
            "id": "22083"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL SSLv2 client code fails to properly check for NULL",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Failure to Handle Exceptional Conditions",
        "sources": [
          {
            "db": "BID",
            "id": "20247"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-200609-1196

    Vulnerability from variot - Updated: 2025-11-19 20:25

    OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


                   VMware Security Advisory
    

    Advisory ID: VMSA-2007-0001 Synopsis: VMware ESX server security updates Issue date: 2007-01-08 Updated on: 2007-01-08 CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-4980


    1. Summary:

    Updated ESX Patches address several security issues.

    1. Relevant releases:

    VMware ESX 3.0.1 without patch ESX-9986131 VMware ESX 3.0.0 without patch ESX-3069097

    VMware ESX 2.5.4 prior to upgrade patch 3 VMware ESX 2.5.3 prior to upgrade patch 6 VMware ESX 2.1.3 prior to upgrade patch 4 VMware ESX 2.0.2 prior to upgrade patch 4

    1. Problem description:

    Problems addressed by these patches:

    a. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue.
    

    b.

    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
    and earlier versions allows attackers to cause a denial of service
    (CPU consumption) via parasitic public keys with large (1) "public
    exponent" or (2) "public modulus" values in X.509 certificates that
    require extra time to process when using RSA signature verification.
    
    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
    CVE-2006-4339, and CVE-2006-4343 to these issues.
    

    c. Updated OpenSSH package addresses the following possible security issues:

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems
    
    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).
    
    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.
    
    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.
    
    NOTE: ESX by default disables version 1 SSH protocol.
    
    NOTE: ESX doesn't use GSSAPI by default.
    
    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.
    
    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.
    

    d. Object reuse problems with newly created virtual disk (.vmdk or .dsk) files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
    
    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.
    
    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w.
    

    e. Buffer overflow in Python function repr():

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem
    
    A possible security issue with how the Python function repr()
    function handles UTF-32/UCS-4 strings.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the name CVE-2006-4980 to this issue.
    
    1. Solution:

    Please review the Patch notes for your version of ESX and verify the md5sum.

    ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb

    ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc

    ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb

    ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739

    ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

    ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f

    1. References:

    ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097

    ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131

    ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

    ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

    ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

    ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

    1. Contact:

    http://www.vmware.com/security

    VMware Security Response Policy http://www.vmware.com/vmtn/technology/security/security_response.html

    E-mail: security@vmware.com

    Copyright 2007 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE neFG0RikD74TCYeXKW6CBy4= =9/6k -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . rPath Security Advisory: 2006-0175-1 Published: 2006-09-28 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.


    Full-Disclosure - We believe in it. This can result in an infinite loop which consumes system memory. ASN.1 Denial of Service Attack (2/2)

     Certain types of public key can take disproportionate amounts of
     time to process. This could be used by an attacker in a denial of
     service attack. SSL_get_shared_ciphers() Buffer Overflow
    
     A buffer overflow was discovered in the SSL_get_shared_ciphers()
     utility function. An attacker could send a list of ciphers to an
     application that uses this function and overrun a buffer. SSLv2 Client Crash
    
     A flaw in the SSLv2 client code was discovered.
    

    References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00849540 Version: 1

    HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-01-17 Last Updated: 2007-01-23

    Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX.

    References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

    BACKGROUND

    AFFECTED VERSIONS

    For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.23

    hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    END AFFECTED VERSIONS

    RESOLUTION

    HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

    HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

    Apache Update Procedure

    Check for Apache Installation


    To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

    Stop Apache


    Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

    Download and Install Apache


    Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

    Removing Apache Installation


    The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

    MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product.

    PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

    HISTORY: rev.1 - 23 January 2007 Initial Release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.

    BACKGROUND

    CVSS 2.0 Base Metrics

    Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

    RESOLUTION

    HP has made the following software updates available to resolve these vulnerabilities.

    Kit Name Location

    HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.

    BACKGROUND

    RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm 17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm 8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm 3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm 6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm 52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm

    Mandriva Linux 2007.0: 1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm 1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm 59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm 3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm 9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm

    Corporate 3.0: c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm 151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm 82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

    Corporate 3.0/X86_64: 01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm 30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm 83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm

    Corporate 4.0: 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: 746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm 6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm 22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm 1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: 19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm 92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm 847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0 wB09L3fylyiHgrXvSV6VL7A= =/+dm -----END PGP SIGNATURE-----

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200609-1196",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/32"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.50"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(1)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "secure access control server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "bind a5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/2"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.8"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(2)"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "karagulle cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.9"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(3)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(0)"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "karagulle cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.10"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "bind a4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.1"
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/31"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.60"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(0)"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "operating system enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.x"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "amc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/6"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0.1"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.61"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.1"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.6"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "amc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/5"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ids",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.3(5)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "reflection for secure it sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "bind a3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "reflection for secure it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.2"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.1"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "3)4.2"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "bind b3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "anti-virus for ms exchange",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.40"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.3"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.193"
          },
          {
            "model": "red hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.6(1)"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.5"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/2"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/4"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "bind b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.7"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.5"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.4"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/5"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.3"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2007.0"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.41"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "bind b2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.4"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "hat enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(2)"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "hat enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.7"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "bind a6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.42"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons 15454sdh",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0(0)"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "internet gatekeeper",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "f secure",
            "version": "6.400"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.6"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandriva",
            "version": "2006.0"
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)4.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.2"
          },
          {
            "model": "ssl360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/3"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dr. S. N. HensonNISCC uniras@niscc.gov.uk",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-2937",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-2937",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-2937",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#247744",
                "trust": 0.8,
                "value": "0.28"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-523",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. \nAn attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2007-0001\nSynopsis:          VMware ESX server security updates\nIssue date:        2007-01-08\nUpdated on:        2007-01-08\nCVE:               CVE-2006-3589 CVE-2006-2937 CVE-2006-2940\n                   CVE-2006-3738 CVE-2006-4339 CVE-2006-4343\n                   CVE-2006-4980\n- -------------------------------------------------------------------\n\n1. Summary:\n\nUpdated ESX Patches address several security issues. \n\n2. Relevant releases:\n\nVMware ESX 3.0.1 without patch ESX-9986131\nVMware ESX 3.0.0 without patch ESX-3069097\n\nVMware ESX 2.5.4 prior to upgrade patch 3\nVMware ESX 2.5.3 prior to upgrade patch 6\nVMware ESX 2.1.3 prior to upgrade patch 4\nVMware ESX 2.0.2 prior to upgrade patch 4\n\n3. Problem description:\n\nProblems addressed by these patches:\n\na. Incorrect permissions on SSL key files generated  by vmware-config\n(CVE-2006-3589):\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with the configuration program\n    vmware-config which could set incorrect permissions on SSL key\n    files. Local users may be able to obtain access to the SSL key\n    files. The Common Vulnerabilities and Exposures project\n    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue. \n\nb. \n\n    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,\n    and earlier versions allows attackers to cause a denial of service\n    (CPU consumption) via parasitic public keys with large (1) \"public\n    exponent\" or (2) \"public modulus\" values in X.509 certificates that\n    require extra time to process when using RSA signature verification. \n\n    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8\n    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1\n    padding before generating a hash, which allows remote attackers to\n    forge a PKCS #1 v1.5 signature that is signed by that RSA key and\n    prevents OpenSSL from correctly verifying X.509 and other\n    certificates that use PKCS #1. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,\n    CVE-2006-4339, and CVE-2006-4343 to these issues. \n\nc. Updated OpenSSH package addresses the following possible security issues:\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by Patch ESX-3069097\n    ESX 2.5.4: does not have these problems\n    ESX 2.5.3: does not have these problems\n    ESX 2.1.3: does not have these problems\n    ESX 2.0.2: does not have these problems\n\n    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly\n    other versions, when using privilege separation, does not properly\n    signal the non-privileged process when a session has been terminated\n    after exceeding the LoginGraceTime setting, which leaves the\n    connection open and allows remote attackers to cause a denial of\n    service (connection consumption). \n\n    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute\n    arbitrary commands via filenames that contain shell metacharacters\n    or spaces, which are expanded twice. \n\n    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host\n    access by numeric IP addresses and with VerifyReverseMapping\n    disabled, allows remote attackers to bypass \"from=\" and \"user@host\"\n    address restrictions by connecting to a host from a system whose\n    reverse DNS hostname contains the numeric IP address. \n\n    NOTE: ESX by default disables version 1 SSH protocol. \n\n    NOTE: ESX doesn\u0027t use GSSAPI by default. \n\n    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege\n    Separation Monitor in OpenSSH before 4.5 causes weaker verification\n    that authentication has been successful, which might allow attackers\n    to bypass authentication. \n\n    NOTE: as of 20061108, it is believed that this issue is only\n    exploitable by leveraging vulnerabilities in the unprivileged\n    process, which are not known to exist. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,\n    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues. \n\nd. Object reuse problems with newly created virtual disk (.vmdk or .dsk)\nfiles:\n\n    ESX 3.0.1: does not have this problem\n    ESX 3.0.0: does not have this problem\n    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)\n    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)\n    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)\n    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)\n\n    A possible security issue with virtual disk (.vmdk or .dsk) files\n    that are newly created, but contain blocks from recently deleted\n    virtual disk files.  Information belonging to the previously\n    deleted virtual disk files could be revealed in newly created\n    virtual disk files. \n\n    VMware recommends the following workaround: When creating new\n    virtual machines on an ESX Server that may contain sensitive\n    data, use vmkfstools with the -W option. This initializes the\n    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w. \n\ne. Buffer overflow in Python function repr():\n\n    ESX 3.0.1: corrected by Patch ESX-9986131\n    ESX 3.0.0: corrected by ESX-3069097\n    ESX 2.5.4: does not have this problem\n    ESX 2.5.3: does not have this problem\n    ESX 2.1.3: does not have this problem\n    ESX 2.0.2: does not have this problem\n\n    A possible security issue with how the Python function repr()\n    function handles UTF-32/UCS-4 strings. \n\n    The Common Vulnerabilities and Exposures project (cve.mitre.org)\n    assigned the name CVE-2006-4980 to this issue. \n\n4. Solution:\n\nPlease review the Patch notes for your version of ESX and verify the md5sum. \n\n  ESX 3.0.1\n  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\n  md5usm: 239375e107fd4c7af57663f023863fcb\n\n  ESX 3.0.0\n  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\n  md5sum: ca9947239fffda708f2c94f519df33dc\n\n  ESX 2.5.4\n  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n  md5sum: 239375e107fd4c7af57663f023863fcb\n\n  ESX 2.5.3\n  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n  md5sum: f90fcab28362edbf2311f3ca90cc7739\n\n  ESX 2.1.3\n  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f\n\n  ESX 2.0.2\n  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n  md5sum: 925e70f28d17714c53fdbd24de64329f\n\n\n5. References:\n\nESX 3.0.0 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-3069097-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/3069097\n\nESX 3.0.1 Patch URL:\nhttp://www.vmware.com/support/vi3/doc/esx-9986131-patch.html\nKnowledge base URL:  http://kb.vmware.com/kb/9986131\n\nESX 2.5.4 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html\n\nESX 2.5.3 Patch URL:\nhttp://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html\n\nESX 2.1.3 Patch URL:\nhttp://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html\n\nESX 2.0.2 Patch URL:\nhttp://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980\n\n6. Contact:\n\nhttp://www.vmware.com/security\n\nVMware Security Response Policy\nhttp://www.vmware.com/vmtn/technology/security/security_response.html\n\nE-mail:  security@vmware.com\n\nCopyright 2007 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (GNU/Linux)\n\niD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE\nneFG0RikD74TCYeXKW6CBy4=\n=9/6k\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. rPath Security Advisory: 2006-0175-1\nPublished: 2006-09-28\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n\n_______________________________________________\nFull-Disclosure - We believe in it. This can result in an infinite loop which\n     consumes system memory. ASN.1 Denial of Service Attack (2/2)\n\n     Certain types of public key can take disproportionate amounts of\n     time to process. This could be used by an attacker in a denial of\n     service attack. SSL_get_shared_ciphers() Buffer Overflow\n\n     A buffer overflow was discovered in the SSL_get_shared_ciphers()\n     utility function. An attacker could send a list of ciphers to an\n     application that uses this function and overrun a buffer. SSLv2 Client Crash\n \n     A flaw in the SSLv2 client code was discovered. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00849540\nVersion: 1\n\nHPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-01-17\nLast Updated: 2007-01-23\n\nPotential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. \n\nReferences: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01\n\nBACKGROUND\n\nAFFECTED VERSIONS\n\nFor IPv4:\nHP-UX B.11.00\nHP-UX B.11.11\n===========\nhpuxwsAPACHE\naction: install revision A.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nFor IPv6:\nHP-UX B.11.11\n===========\nhpuxwsAPACHE,revision=B.1.0.00.01\nhpuxwsAPACHE,revision=B.1.0.07.01\nhpuxwsAPACHE,revision=B.1.0.08.01\nhpuxwsAPACHE,revision=B.1.0.09.01\nhpuxwsAPACHE,revision=B.1.0.10.01\nhpuxwsAPACHE,revision=B.2.0.48.00\nhpuxwsAPACHE,revision=B.2.0.49.00\nhpuxwsAPACHE,revision=B.2.0.50.00\nhpuxwsAPACHE,revision=B.2.0.51.00\nhpuxwsAPACHE,revision=B.2.0.52.00\nhpuxwsAPACHE,revision=B.2.0.53.00\nhpuxwsAPACHE,revision=B.2.0.54.00\nhpuxwsAPACHE,revision=B.2.0.55.00\nhpuxwsAPACHE,revision=B.2.0.56.00\nhpuxwsAPACHE,revision=B.2.0.58.00\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.23\n===========\nhpuxwsAPACHE\naction: install revision B.2.0.58.01 or subsequent\nrestart Apache\nURL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nEND AFFECTED VERSIONS\n\nRESOLUTION\n\nHP has made the following software updates available to resolve the issue. \nSoftware updates for the Apache-based Web Server are available from:\nhttp://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\n\nHP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. \n\nApache Update Procedure\n\nCheck for Apache Installation\n -----------------------------\nTo determine if the Apache web server from HP is installed on your system, use Software Distributor\u0027s swlist command. All three revisions of the product may co-exist on a single system. \nFor example, the results of the command swlist -l product | grep -I apache\nhpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server\n\nStop Apache\n -------------\nBefore updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. \nAfter determining which Apache is installed, stop Apache with the following commands:\nfor hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop\n\nDownload and Install Apache\n --------------------------\nDownload Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE\nVerify successful download by comparing the cksum with the value specified on the installation web page. \nUse SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. \n\nRemoving Apache Installation\n ---------------------------\nThe potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor\u0027s \"swremove\" command and also \"rm -rf\" the home location as specified in the rc.config.d file \"HOME\" variables. \n%ls /etc/rc.config.d | \\ grep apache hpapache2conf hpws_apache[32]conf\n\nMANUAL ACTIONS: Yes - Update plus other actions\nInstall the revision of the product. \n\nPRODUCT SPECIFIC INFORMATION\nHP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. \nFor more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA\n\nHISTORY: rev.1 - 23 January 2007 Initial Release\n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n  - verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2002-0839    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2002-0840    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2003-0542    (AV:L/AC:L/Au:N/C:C/I:C/A:C)        7.2\nCVE-2004-0492    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2005-2491    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2005-3352    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2005-3357    (AV:N/AC:H/Au:N/C:N/I:N/A:C)        5.4\nCVE-2006-2937    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-2940    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8\nCVE-2006-3738    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2006-3747    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6\nCVE-2006-3918    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2006-4339    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2006-4343    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2007-5000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2007-6388    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2008-0005    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3\nCVE-2009-1891    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1\nCVE-2009-3095    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3291    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3292    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3293    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5\nCVE-2009-3555    (AV:N/AC:M/Au:N/C:N/I:P/A:P)        5.8\nCVE-2010-0010    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \nHP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. \n\nBACKGROUND\n\n\nRESOLUTION\nHP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 8291bde3bd9aa95533aabc07280203b8  2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n b2ce6e6bb7e3114663d3a074d0cc7da5  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm\n f7c8dbc2eda0c90547d43661454d1068  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 7c9ebd9f9179f4e93627dcf0f3442335  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm\n 17e2d82c3f6c0afbf48eccbfbcc17b55  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm\n 8c3f89e1900f069d4a4ad3162a9f7d78  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 3a68c653ba0339ba99162459385c72e2  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm\n 6ce5832a59b8b67425cb7026ea9dc876  2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm \n 52b3fbfc1389bcd73e406d6ff741e9dc  2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n 1bfeff47c8d2f6c020c459881be68207  2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm\n 1e1a4db54ddfaedb08a6d847422099ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 59c80405f33b2e61ffd3cef025635e21  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm\n 3a6657970a2e7661bd869d221a69c8da  2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n af679c647d97214244a8423dc1a766b7  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm\n d7b1ed07df4115b3bcc3907e00d25a89  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 5bd3ece2c0ec7a3201c29fa84e25a75a  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm\n 9b028020dba009eddbf06eeb8607b87f  2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm \n aad29e57ddceb66105af5d6434de9a62  2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm\n\n Corporate 3.0:\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 98a925c5ba2ecc9d704b1e730035755e  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 151493a50693e3b9cc67bfafadb9ce42  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm\n 82b4709bdbb9128746887013a724356a  corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 01a922d80d6fc9d1b36dde15ee27747e  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm\n 30268f0b70862d1f5998694ac8b4addc  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n e0388ff1efa34ea55d033e95b4e9bb63  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm\n c99ea58f6f4959a4c36398cc6b2b4ee2  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm\n 83759622f0cc8ea9c0f6d32671283354  corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm \n a5bdbe6afa52005a734dc18aa951677d  corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm\n\n Corporate 4.0:\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n d8477333b67ec3a36ba46c50e6183993  corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 746e5e916d1e05379373138a5db20923  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n a2b1d750075a32fe8badbdf1f7febafe  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 47c464cf890a004f772c1db3e839fa12  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm\n 6d71d2358738be9967b2dfe19d3642f1  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm\n 22890554d3096ce596eeec7393ee3fcf  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 679fe740859fa35b2bb77b19c4a0e787  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm\n 1030a6124a9fa4fd5a41bdff077301bf  corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm \n b65dbbd9fb3d74d302478640476a2cd2  corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 19055eda58e1f75814e594ce7709a710  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm\n abfe548617969f619aec5b0e807f1f67  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 92e7515c9125367a79fdb490f5b39cd4  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm\n 847eecb1d07e4cab3d1de1452103c3a0  mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm \n b6b67fa82d7119cde7ab7816aed17059  mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0\nwB09L3fylyiHgrXvSV6VL7A=\n=/+dm\n-----END PGP SIGNATURE-----\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          }
        ],
        "trust": 4.68
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 2.6
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "22083",
            "trust": 2.4
          },
          {
            "db": "CERT/CC",
            "id": "VU#247744",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22671",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23351",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "23131",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "20248",
            "trust": 1.3
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4019",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4327",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-2396",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4329",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4761",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4980",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31531",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29260",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "53566",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "53990",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "101257",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "58346",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "id": "VAR-200609-1196",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.251886895
      },
      "last_update_date": "2025-11-19T20:25:11.048000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.6,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 2.1,
            "url": "http://www.f-secure.com/security/fsc-2006-6.shtml"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.3,
            "url": "http://www.kb.cert.org/vuls/id/247744"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.1,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23131"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4761"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29260"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10560"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29228"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/20248"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.9,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23131/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22544/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22385/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22671/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23155/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23340/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259/"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23351/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
          },
          {
            "trust": 0.3,
            "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.3,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.3,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.2,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.2,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/9986131"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/vmtn/technology/security/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3589"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4980"
          },
          {
            "trust": 0.1,
            "url": "http://kb.vmware.com/kb/3069097"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.1,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://pgp.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayproductinfo.pl?productnumber=hpuxwssuite"
          },
          {
            "trust": 0.1,
            "url": "http://software.hp.com/portal/swdepot/displayproductinfo.do?productnumber=b6834aa"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2969"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
          },
          {
            "trust": 0.1,
            "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26977.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26866.html"
          },
          {
            "trust": 0.1,
            "url": "http://h18023.www1.hp.com/support/files/server/us/download/26864.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.1,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.1,
            "url": "http://www.mandriva.com/security/advisories"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20248"
          },
          {
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2007-01-13T22:56:30",
            "db": "PACKETSTORM",
            "id": "53566"
          },
          {
            "date": "2006-10-04T00:44:50",
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "date": "2006-10-04T01:20:54",
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "date": "2007-01-27T02:35:42",
            "db": "PACKETSTORM",
            "id": "53990"
          },
          {
            "date": "2011-05-10T00:45:11",
            "db": "PACKETSTORM",
            "id": "101257"
          },
          {
            "date": "2007-08-08T07:19:47",
            "db": "PACKETSTORM",
            "id": "58346"
          },
          {
            "date": "2006-10-04T00:46:38",
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-02-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#247744"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2015-03-19T08:40:00",
            "db": "BID",
            "id": "20248"
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-2937"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL may fail to properly parse invalid ASN.1 structures",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#247744"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-523"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200110-0196

    Vulnerability from variot - Updated: 2025-10-17 22:39

    OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. Some applications that perform X.509 certificate verification may be vulnerable to signature processing problems that lead to resource exhaustion. This vulnerability may cause a denial of service. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. rPath Security Advisory: 2006-0175-2 Published: 2006-09-28 Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

    References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://issues.rpath.com/browse/RPL-613

    Description: Previous versions of the openssl package are vulnerable to multiple attacks. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

    29 September 2006 Update: The initial fix for this vulnerability was
    incomplete, and the fault in the fix could enable a Denial of Service
    attack in some cases of the attack described in CVE-2006-2940.
    

    Full-Disclosure - We believe in it. (CVE-2006-4343)

    Updated packages are patched to address these issues.

    Update:

    There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.


    References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    Updated Packages:

    Mandriva Linux 2006.0: 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm 526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2006.0/X86_64: 54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm 632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm 5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm 73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm 441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm

    Mandriva Linux 2007.0: db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Mandriva Linux 2007.0/X86_64: 1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm 36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm 26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm 78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm

    Corporate 3.0: 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm 6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 3.0/X86_64: 52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm 258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm 7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm 492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm 2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm

    Corporate 4.0: 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Corporate 4.0/X86_64: b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm 89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm 76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm 0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm 8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm

    Multi Network Firewall 2.0: cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm 11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm 8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm 214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm


    To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

    All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

    You can view other update advisories for Mandriva Linux at:

    http://www.mandriva.com/security/advisories

    If you want to report vulnerabilities, please contact

    security_(at)_mandriva.com


    Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux)

    iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3 mAaLoEPfjUca1TR98vgpZUU= =Ff9O -----END PGP SIGNATURE-----


    Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256


    ~ VMware Security Advisory

    Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340


    1. Summary:

    ~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line.

    1. Relevant releases:

    ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier

    1. Problem description:

    ~ a. Host to guest shared folder (HGFS) traversal vulnerability

    ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations.

    NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. No versions of ESX Server, including ~ ESX Server 3i, are affected by this vulnerability. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected.

    ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ b. Insecure named pipes

    ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user.

    ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues.

    ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities

    ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ d. Updated OpenSSL library to address various security vulnerabilities

    ~ Updated OpenSSL fixes several security flaws were discovered ~ in previous versions of OpenSSL.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion is not affected by this issue.

    ~ e. VIX API default setting changed to a more secure default value

    ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability

    ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines.

    ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue.

    ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ NOTE: Fusion and Linux based products are not affected by this ~ issue.

    ~ g.

    ~ VMware would like to thank Martin O'Neal for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)

    ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products.

    ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file

    ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process.

    ~ VMware would like to thank Sun Bing for reporting the issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue.

    ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)

    ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service

    ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface.

    ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue.

    ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue.

    ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)

    1. Solution:

    Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.

    ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9

    ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202

    ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8

    ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html

    ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0

    ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f

    1. References:

    ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340


    1. Contact:

    E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

    This Security Advisory is posted to the following lists:

    ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk

    E-mail: security@vmware.com

    Security web site http://www.vmware.com/security

    VMware security response policy http://www.vmware.com/support/policies/security_response.html

    General support life cycle policy http://www.vmware.com/support/policies/eos.html

    VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html

    Copyright 2008 VMware Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)

    iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

    SUPPORT COMMUNICATION - SECURITY BULLETIN

    Document ID: c00967144 Version: 1

    HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)

    NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

    Release Date: 2007-04-12 Last Updated: 2007-04-12

    Potential Security Impact: Remote unauthenticated arbitrary code execution or Denial of Service (DoS)

    Source: Hewlett-Packard Company, HP Software Security Response Team

    VULNERABILITY SUMMARY Potential security vulnerabilities have been identified on the Secure Sockets Layer (SSL) and BIND running on the HP Tru64 UNIX Operating System that may allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS).

    References: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) VU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND)

    SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)

    BACKGROUND

    RESOLUTION

    HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.

    The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)

    HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd

    HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126

    HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7

    HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45

    HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e

    HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652

    Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.

    PRODUCT SPECIFIC INFORMATION

    The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d

    Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d

    Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.

    The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.

    HISTORY Version:1 (rev.1) - 12 April 2007 Initial release

    Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

    Support: For further information, contact normal HP Services support channel.

    Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key

    Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.

    To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

    To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

    • The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

    GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

    System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

    "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    \xa9Copyright 2007 Hewlett-Packard Development Company, L.P.

    Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ASN.1 Denial of Service Attack (1/2)

     During the parsing of certain invalid ASN.1 structures an error
     condition is mishandled. ASN.1 Denial of Service Attack (2/2)
    
     Certain types of public key can take disproportionate amounts of
     time to process. SSL_get_shared_ciphers() Buffer Overflow
    
     A buffer overflow was discovered in the SSL_get_shared_ciphers()
     utility function. An attacker could send a list of ciphers to an
     application that uses this function and overrun a buffer. SSLv2 Client Crash
    
     A flaw in the SSLv2 client code was discovered.
    

    References: [0] http://www.openssl.org/news/secadv_20060928.txt [1] http://www.openssl.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343


    For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG openpkg@openpkg.org" (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. --WfZ7S8PLGjBY9Voh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline


    Gentoo Linux Security Advisory GLSA 200610-11


                                            http://security.gentoo.org/
    

    Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 24, 2006 Bugs: #145510 ID: 200610-11


    Synopsis

    OpenSSL contains multiple vulnerabilities including the possible remote execution of arbitrary code.

    Background

    OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N.

    Workaround

    There is no known workaround at this time.

    Resolution

    All OpenSSL 0.9.8 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
    

    All OpenSSL 0.9.7 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
    

    References

    [ 1 ] CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 [ 2 ] CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 [ 3 ] CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 [ 4 ] CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200610-11.xml

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

    License

    Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200110-0196",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "debian gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "openssl",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "oracle",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "red hat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "suse linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "slackware linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "ubuntu",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 3.2,
            "vendor": "rpath",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "trustix secure linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 2.4,
            "vendor": "f5",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "apple computer",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "gentoo linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "gnutls",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "hewlett packard",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "mandriva",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "sun microsystems",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 1.6,
            "vendor": "vmware",
            "version": null
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.1c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.3a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.5a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.2b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6l"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6m"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8b"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6g"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6f"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6d"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6h"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7e"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7i"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.8a"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.6j"
          },
          {
            "model": "openssl",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "openssl",
            "version": "0.9.7d"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openbsd",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "appgate network security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "attachmatewrq",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "blue coat",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "iaik java group",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ibm",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "internet consortium",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "intoto",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "juniper",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "mozilla",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "openwall gnu linux",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "opera",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "rsa security",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ssh security corp",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "sybase",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "vandyke",
            "version": null
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "stonesoft",
            "version": null
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.2.6-p1"
          },
          {
            "model": "bind",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "isc",
            "version": "9.3.2-p1"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.7k"
          },
          {
            "model": "openssl",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "openssl",
            "version": "0.9.8c"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar410v2"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar450s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar550s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar570s"
          },
          {
            "model": "centrecom",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "allied telesis",
            "version": "ar740"
          },
          {
            "model": "e-business suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "11.5.10cu2"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "oracle",
            "version": "9.2.0.8"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "2.1"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0"
          },
          {
            "model": "asianux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cybertrust",
            "version": "4.0 (x86-64)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "10 (x86)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (sparc)"
          },
          {
            "model": "solaris",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "sun microsystems",
            "version": "9 (x86)"
          },
          {
            "model": "turbolinux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10_f"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (hosting)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "1.0 (workgroup)"
          },
          {
            "model": "turbolinux appliance server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "2.0"
          },
          {
            "model": "turbolinux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux fuji",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux multimedia",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux personal",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "10 (x64)"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "7"
          },
          {
            "model": "turbolinux server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": "8"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.8,
            "vendor": "turbo linux",
            "version": null
          },
          {
            "model": "trendmicro interscan web security suite",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "trend micro",
            "version": "1.1 solaris edition"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.11"
          },
          {
            "model": "hp-ux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "11.23"
          },
          {
            "model": "ridoc document router",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "pro v2"
          },
          {
            "model": "ridoc document router",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v3"
          },
          {
            "model": "ridoc document router",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v4"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "ep v1"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "ep v2"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v1 type h"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v2 type h"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v3"
          },
          {
            "model": "ridoc document server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v3 ad"
          },
          {
            "model": "ridoc document system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "image log options  v1"
          },
          {
            "model": "ridoc io operationserver",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "pro"
          },
          {
            "model": "ridoc io operationserver",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "device operation management utility"
          },
          {
            "model": "ridoc print linkage",
            "scope": null,
            "trust": 0.8,
            "vendor": "ricoh",
            "version": null
          },
          {
            "model": "ridoc web navigator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v2"
          },
          {
            "model": "ridoc web navigator",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ricoh",
            "version": "v3"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3 (ws)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (as)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (es)"
          },
          {
            "model": "enterprise linux",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4 (ws)"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "3.0"
          },
          {
            "model": "enterprise linux desktop",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "4.0"
          },
          {
            "model": "linux advanced workstation",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "red hat",
            "version": "2.1"
          },
          {
            "model": "fitelnet-f series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": "fitelnet-f3000"
          },
          {
            "model": "fitelnet-f series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": "fitelnet-f40"
          },
          {
            "model": "fitelnet-f series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": "fitelnet-f80/f100/f120/f1000"
          },
          {
            "model": "mucho series",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "furukawa electric",
            "version": "mucho-ev/pk"
          },
          {
            "model": "application \u0026 content networking software",
            "scope": null,
            "trust": 0.6,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.30"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cisco",
            "version": "7.20"
          },
          {
            "model": "wide area file services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/32"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "call manager sr2c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "siparator",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0"
          },
          {
            "model": "enterprise linux es ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.5"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.16"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "computing snapgear sg565",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.9"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.2"
          },
          {
            "model": "ciscoworks common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(0)"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.3"
          },
          {
            "model": "appliance server hosting edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "secure access control server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.2"
          },
          {
            "model": "s8500 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "fuji",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "hardware management console for pseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "bind a5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "hardware management console for iseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.1.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76650"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/3"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/2"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "project openssl b-36.8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.0"
          },
          {
            "model": "linux lts amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(1)"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "5.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.00"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.6(1)"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "s8700 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8300 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "linux professional oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "8"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.9"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "3.0"
          },
          {
            "model": "suse linux retail solution",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "linux enterprise desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "appliance server workgroup edition",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.11"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.2"
          },
          {
            "model": "hardware management console for iseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.680404"
          },
          {
            "model": "wide area application services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "s8710 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "server c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "karagulle cwrsync",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.9"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "grid engine update5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "suse linux standard server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "8.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "hardware management console for pseries r5.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.380004"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.7"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.334685"
          },
          {
            "model": "grid engine update7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "hardware management console",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.2.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.2.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.1"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.5"
          },
          {
            "model": "server 0.9.1b",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.4.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.0"
          },
          {
            "model": "call manager es32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "call manager 4.1 sr4",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "karagulle cwrsync",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "tevfik",
            "version": "2.0.10"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.6"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1-1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.14"
          },
          {
            "model": "project openssl g",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "open-enterprise-server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.2"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.9"
          },
          {
            "model": "server a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.2"
          },
          {
            "model": "propack sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sgi",
            "version": "3.0"
          },
          {
            "model": "bind a4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "computing snapgear sg560",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "suse linux school server for i386",
            "scope": null,
            "trust": 0.3,
            "vendor": "s u s e",
            "version": null
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "grid engine sun linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "hardware management console for pseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.3.2"
          },
          {
            "model": "current",
            "scope": null,
            "trust": 0.3,
            "vendor": "openpkg",
            "version": null
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "linux mipsel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3x86"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.6.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3"
          },
          {
            "model": "server 0.8.6a",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "-release-p3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.1"
          },
          {
            "model": "messaging storage server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "1.0"
          },
          {
            "model": "hardware management console for pseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0.1"
          },
          {
            "model": "linux professional x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux ppc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "3.0/31"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "firewalll",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(3)"
          },
          {
            "model": "hardware management console for iseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "multi network firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2.0"
          },
          {
            "model": "workstation build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.680404"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "bind a1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.7"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.7"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "rpath",
            "version": "1"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind rc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "linux powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "call manager sr2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.2.0.1"
          },
          {
            "model": "call manager sr2b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.0.0.201"
          },
          {
            "model": "hardware management console for iseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "call manager es07",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "mds",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "95000"
          },
          {
            "model": "hardware management console for pseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.4"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "7.0"
          },
          {
            "model": "linux ia-64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux mandrake",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2006.0"
          },
          {
            "model": "workstation",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.3"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "openbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openbsd",
            "version": "3.8"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(0)"
          },
          {
            "model": "ons ios-based blades",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "15454"
          },
          {
            "model": "operating system enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "linux lts i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.7"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "232"
          },
          {
            "model": "messaging storage server",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "76550"
          },
          {
            "model": "wireless control system software",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "3.2"
          },
          {
            "model": "hardware management console for iseries r2.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.2"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.2"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.5.0"
          },
          {
            "model": "project openssl h",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "igateway vpn/ssl-vpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "intoto",
            "version": "0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "grid engine",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.5"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "project openssl i",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.17"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.3"
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.5"
          },
          {
            "model": "financials server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "navision",
            "version": "3.0"
          },
          {
            "model": "bind rc2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "hardware management console for pseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.4"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "intuity lx",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "linux personal oss",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "corporate server x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.2"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(1)"
          },
          {
            "model": "amc",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/6"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0(2)"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0.1"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.1.3"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.1"
          },
          {
            "model": "access registrar",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.7.1"
          },
          {
            "model": "hardware management console for iseries r3.2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2(3)"
          },
          {
            "model": "mac os server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "server 0.9.4d",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.1"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "grid engine update7 1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "hp-ux b.11.11",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.4.8"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.4"
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.1"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.4"
          },
          {
            "model": "bind a2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "call manager es40",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.19"
          },
          {
            "model": "call manager es50",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.0"
          },
          {
            "model": "amc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0/5"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.3"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "8.1.7"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.2"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.1"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.04"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.6"
          },
          {
            "model": "linux mips",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.659"
          },
          {
            "model": "corporate server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "3.0"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.4"
          },
          {
            "model": "converged communications server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "2.0"
          },
          {
            "model": "reflection for secure it sp1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.22"
          },
          {
            "model": "bind a3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux arm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0"
          },
          {
            "model": "hardware management console for iseries r3.3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "reflection for secure it",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "attachmate",
            "version": "7.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.2"
          },
          {
            "model": "grid engine update1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5"
          },
          {
            "model": "css11500 content services switch",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.5"
          },
          {
            "model": "s8500 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "project openssl d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.4"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44900"
          },
          {
            "model": "s8700 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.1"
          },
          {
            "model": "hp-ux b.11.23",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "project openssl beta2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-stable",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.2"
          },
          {
            "model": "call manager es56",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.0"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.3"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0x86"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.11"
          },
          {
            "model": "mac os",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "apple",
            "version": "x10.3.9"
          },
          {
            "model": "bind -p1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "9.0"
          },
          {
            "model": "ipcop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.12"
          },
          {
            "model": "hardware management console for iseries r1.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "5.0"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.5"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "3.0"
          },
          {
            "model": "personal",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "unitedlinux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.3"
          },
          {
            "model": "project openssl a",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "1.4.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "predictive dialer",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "ftp server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.3.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1(2)"
          },
          {
            "model": "project openssl f",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.2"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.0"
          },
          {
            "model": "project openssl c",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "works common services",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.2"
          },
          {
            "model": "-release-p20",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "4.11"
          },
          {
            "model": "bind b3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.3"
          },
          {
            "model": "grid engine update2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3"
          },
          {
            "model": "linux personal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.2.8"
          },
          {
            "model": "appliance server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "2.0"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.5.3"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "red hat network satellite (for rhel",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4)5.1"
          },
          {
            "model": "filezilla",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.15"
          },
          {
            "model": "hardware management console for iseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "secure linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.2"
          },
          {
            "model": "security mars",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.2.2"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4480"
          },
          {
            "model": "call manager sr1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "10.0"
          },
          {
            "model": "unified presence server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "1.0"
          },
          {
            "model": "predictive dialing system",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "11.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.4"
          },
          {
            "model": "project openssl l",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ons",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154548.0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.1"
          },
          {
            "model": "hardware management console for pseries r4.0",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.5"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.2"
          },
          {
            "model": "linux lts sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "ipcop",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ipcop",
            "version": "1.4.13"
          },
          {
            "model": "insight management agents for tru64 unix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "3.5.2"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.1"
          },
          {
            "model": "call manager es33",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.2"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.5"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.1"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ace",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.2.3"
          },
          {
            "model": "s8300 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.0"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "9.0.3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.5"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.8"
          },
          {
            "model": "f...",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.3"
          },
          {
            "model": "-prerelease",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "freebsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.0"
          },
          {
            "model": "beta11",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/2"
          },
          {
            "model": "grid engine 32-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.6"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "enterprise linux ws ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "enterprise linux as",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "http server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "oracle",
            "version": "1.0.2.1"
          },
          {
            "model": "hardware management console for pseries r3.6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3.0"
          },
          {
            "model": "s8710 r2.0.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "openpkg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openpkg",
            "version": "2.3"
          },
          {
            "model": "hp-ux b.11.00",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "filezilla",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "2.2.28"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/4"
          },
          {
            "model": "bind rc1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "bind b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.3"
          },
          {
            "model": "hp-ux b.11.31",
            "scope": null,
            "trust": 0.3,
            "vendor": "hp",
            "version": null
          },
          {
            "model": "novell linux desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "1.0"
          },
          {
            "model": "workstation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "6.0.1"
          },
          {
            "model": "linux personal x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "project openssl e",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.9"
          },
          {
            "model": "hardware management console for pseries r3.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.4"
          },
          {
            "model": "computing snapgear sg710",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.3"
          },
          {
            "model": "call manager es62",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0"
          },
          {
            "model": "project openssl",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "solaris 9 sparc",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.444386"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.1"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3.132"
          },
          {
            "model": "fast360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/5"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.2"
          },
          {
            "model": "css11500 content services switch s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "7.10"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.2.1"
          },
          {
            "model": "groupware server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "kolab",
            "version": "2.0.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.1"
          },
          {
            "model": "bind b1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "fast360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "4.0/1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "255"
          },
          {
            "model": "linux s/390",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "secure acs build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1(1)23"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.2"
          },
          {
            "model": "sip proxy server",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "openvms secure web server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.2"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "enterprise linux as ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2"
          },
          {
            "model": "server b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.8"
          },
          {
            "model": "linux enterprise server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "suse",
            "version": "10"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.1.3"
          },
          {
            "model": "ace",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.3"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "275"
          },
          {
            "model": "linux amd64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.2.3"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "slackware",
            "version": "10.0"
          },
          {
            "model": "-release",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "6.0"
          },
          {
            "model": "bind b2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "linux lts powerpc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "6.06"
          },
          {
            "model": "grid engine update3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "s8500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "0"
          },
          {
            "model": "project openssl beta3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux i386",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ubuntu",
            "version": "5.10"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.2"
          },
          {
            "model": "esx server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.639"
          },
          {
            "model": "workcentre pro",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "245"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.5"
          },
          {
            "model": "openvpn",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.9"
          },
          {
            "model": "firewall",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.2"
          },
          {
            "model": "linux m68k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "4.0"
          },
          {
            "model": "linux sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.1.0.4"
          },
          {
            "model": "linux hppa",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.0.1"
          },
          {
            "model": "workstation build",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "5.5.342958"
          },
          {
            "model": "messaging storage server mm3.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "grid engine 64-bit sparc",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "5.3"
          },
          {
            "model": "enterprise linux ws",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "s8500 cm",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "avaya",
            "version": "3.1"
          },
          {
            "model": "s8710 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "advanced workstation for the itanium processor ia64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "hat red hat network satellite server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "red",
            "version": "4.2"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "5.1.79"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.0"
          },
          {
            "model": "netbsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netbsd",
            "version": "3.1"
          },
          {
            "model": "enterprise linux es",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3"
          },
          {
            "model": "openvpn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openvpn",
            "version": "2.0.7"
          },
          {
            "model": "grid engine update4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.4"
          },
          {
            "model": "ons mspp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "5.4-stable",
            "scope": null,
            "trust": 0.3,
            "vendor": "freebsd",
            "version": null
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.3.30"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "project openssl d",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.8"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.0.3.728"
          },
          {
            "model": "call manager",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.3(1)"
          },
          {
            "model": "linux -current",
            "scope": null,
            "trust": 0.3,
            "vendor": "slackware",
            "version": null
          },
          {
            "model": "bind -p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3.2"
          },
          {
            "model": "grid engine update6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "sun",
            "version": "6.0"
          },
          {
            "model": "ciscoworks common management foundation",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "2.1"
          },
          {
            "model": "linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "home",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.4"
          },
          {
            "model": "bind a6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.4"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154543.3"
          },
          {
            "model": "hardware management console for iseries r2.1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "4.0"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.3"
          },
          {
            "model": "tru64 b-4",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.4.1"
          },
          {
            "model": "message networking",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "call manager es55",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0"
          },
          {
            "model": "css11500 content services switch",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.5"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "8.0"
          },
          {
            "model": "server 0.9.4e",
            "scope": null,
            "trust": 0.3,
            "vendor": "filezilla",
            "version": null
          },
          {
            "model": "player build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "2.0.380004"
          },
          {
            "model": "tru64 b-3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "5.1"
          },
          {
            "model": "linux",
            "scope": null,
            "trust": 0.3,
            "vendor": "gentoo",
            "version": null
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "3.0"
          },
          {
            "model": "linux alpha",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "security agent",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.5.1.657"
          },
          {
            "model": "secure enterprise linux",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "trustix",
            "version": "2.0"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.3.1"
          },
          {
            "model": "desktop",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "project openssl k",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "advanced workstation for the itanium processor",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "redhat",
            "version": "2.1"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "265"
          },
          {
            "model": "call manager es24",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "4.1"
          },
          {
            "model": "hardware management console for pseries",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ibm",
            "version": "3"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.2.1"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.3.2"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": "10.0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.3"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44910"
          },
          {
            "model": "s8300 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear u2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "secure",
            "version": "3.1.4"
          },
          {
            "model": "novell linux pos",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9"
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154542.3(5)"
          },
          {
            "model": "ssl360",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "1.0"
          },
          {
            "model": "ftp server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "serv u",
            "version": "6.01"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "4.5.1"
          },
          {
            "model": "intrusion detection system 4.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "cisco",
            "version": null
          },
          {
            "model": "project openssl beta1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "-releng",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "freebsd",
            "version": "5.3"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.9.6"
          },
          {
            "model": "server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "filezilla",
            "version": "0.8.5"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.0.2"
          },
          {
            "model": "download accelarator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "prozilla",
            "version": "1.3.2"
          },
          {
            "model": "solaris 10 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.3"
          },
          {
            "model": "siparator",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2"
          },
          {
            "model": "s8700 r2.0.1",
            "scope": null,
            "trust": 0.3,
            "vendor": "avaya",
            "version": null
          },
          {
            "model": "computing snapgear sg580",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "secure",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.4"
          },
          {
            "model": "bind",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "isc",
            "version": "9.1.3"
          },
          {
            "model": "system management homepage",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.8"
          },
          {
            "model": "ons 15454e optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "openvms secure web server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "1.1-1"
          },
          {
            "model": "application control engine module",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "0"
          },
          {
            "model": "system management homepage",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1.1"
          },
          {
            "model": "linux ia-32",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "debian",
            "version": "3.1"
          },
          {
            "model": "firewall",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ingate",
            "version": "3.2.1"
          },
          {
            "model": "solaris 9 x86",
            "scope": null,
            "trust": 0.3,
            "vendor": "sun",
            "version": null
          },
          {
            "model": "project openssl m",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "gss global site selector",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "44920"
          },
          {
            "model": "project openssl l",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.7"
          },
          {
            "model": "linux professional",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "9.2"
          },
          {
            "model": "suse linux openexchange server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "s u s e",
            "version": "4.0"
          },
          {
            "model": "workcentre",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "xerox",
            "version": "238"
          },
          {
            "model": "player",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.5"
          },
          {
            "model": "project openssl b",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.2"
          },
          {
            "model": "linux mandrake x86 64",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "mandrakesoft",
            "version": "2007.0"
          },
          {
            "model": "server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "vmware",
            "version": "1.0.580187"
          },
          {
            "model": "ons mstp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154540"
          },
          {
            "model": "project openssl j",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "openssl",
            "version": "0.9.6"
          },
          {
            "model": "ssl360",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "arkoon",
            "version": "2.0/3"
          },
          {
            "model": "multimedia",
            "scope": null,
            "trust": 0.3,
            "vendor": "turbolinux",
            "version": null
          },
          {
            "model": "ons optical transport platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "cisco",
            "version": "154544.0(2)"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:isc:bind",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:openssl:openssl",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:allied_telesis_k.k.:centrecom",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:e-business_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:oracle:http_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sun:solaris",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_personal",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:turbolinux:turbolinux_home",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:hp:hp-ux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_document_router",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_document_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_document_system",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_io_operationserver",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_print_linkage",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:ricoh:ridoc_web_navigator",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:furukawa_electric:fitelnet-f",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:furukawa_electric:mucho",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Andy Davis advisories@irmplc.com Vicente Aguilera Diaz vaguilera@isecauditors.com Esteban Martinez FayoTony FogartyOliver Karow Oliver.karow@gmx.de Joxean Koret joxeankoret@yahoo.es Alexander Kornbrust ak@red-database-security.com David Litchfield",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2006-2940",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2006-2940",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2006-2940",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#423396",
                "trust": 0.8,
                "value": "7.92"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#386964",
                "trust": 0.8,
                "value": "0.32"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#845620",
                "trust": 0.8,
                "value": "7.56"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#547300",
                "trust": 0.8,
                "value": "2.53"
              },
              {
                "author": "NVD",
                "id": "CVE-2006-2940",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200609-533",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) \"public exponent\" or (2) \"public modulus\" values in X.509 certificates that require extra time to process when using RSA signature verification. Some applications that perform X.509 certificate verification may be vulnerable to signature processing problems that lead to resource exhaustion.  This vulnerability may cause a denial of service. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability because it fails to validate the lengths of public keys being used. rPath Security Advisory: 2006-0175-2\nPublished: 2006-09-28\nUpdated:\n    2006-09-29 Resolved issue in patch for CVE-2006-2940\nProducts: rPath Linux 1\nRating: Major\nExposure Level Classification:\n    Remote Deterministic Unauthorized Access\nUpdated Versions:\n    openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n    openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1\n\nReferences:\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n    http://issues.rpath.com/browse/RPL-613\n\nDescription:\n    Previous versions of the openssl package are vulnerable to multiple\n    attacks. \n    In particular, any connection that the mysql daemon will accept\n    may be vulnerable.  In the default configuration of mysql, that\n    would be a local unauthorized access vulnerability, but mysql can\n    be configured to listen for network connections from remote hosts,\n    which would then enable remote unauthorized access.  Any program\n    that calls the SSL_get_shared_ciphers() function may be vulnerable. \n    \n    29 September 2006 Update: The initial fix for this vulnerability was\n    incomplete, and the fault in the fix could enable a Denial of Service\n    attack in some cases of the attack described in CVE-2006-2940. \n\n_______________________________________________\nFull-Disclosure - We believe in it. (CVE-2006-4343)\n\n Updated packages are patched to address these issues. \n\n Update:\n\n There was an error in the original published patches for CVE-2006-2940. \n New packages have corrected this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2006.0:\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 526fcd69e1a1768c82afd573dc16982f  2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2006.0/X86_64:\n 54ed69fc4976d3c0953eeebd3c10471a  2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm\n 632fbe5eaff684ec2f27da4bbe93c4f6  2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 04dbe52bda3051101db73fabe687bd7e  2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm\n 5e48a8d9a6a03a045b6d0d2b6903dc5b  2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm\n f86f3a2efd19ff5fb1600212cbd8e463  2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm\n 73b99c1a8a34fe3c2279c09c4f385804  2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm\n ca169246cc85db55839b265b90e8c842  2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm \n 441a806fc8a50f74f5b4bcfce1fc8f66  2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm\n\n Mandriva Linux 2007.0:\n db68f8f239604fb76a0a10c70104ef61  2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n a97c6033a33fabcd5509568304b7a988  2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 1895971ef1221056075c4ee3d4aaac72  2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm\n cfd59201e5e9c436f42b969b4aa567f1  2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n 36da85c76eddf95feeb3f4b792528483  2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm\n db68f8f239604fb76a0a10c70104ef61  2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm\n 26a4de823aee08e40d28ed7e6ff5b2ff  2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n ab949cf85296ceae864f83fbbac2b55a  2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm\n e3aebeae455a0820c5f28483bd6d3fa5  2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm \n 78964615b7bd71028671257640be3bc5  2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm\n\n Corporate 3.0:\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 1e7834f6f0fe000f8f00ff49ee6f7ea0  corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm\n 6c86220445ef34c2dadadc3e00701885  corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm\n c25c4042a91b6e7bf9aae1aa2fea32a5  corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52dfd4d10e00c9bd0944e4486190de93  corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm\n 258a19afc44dadfaa00d0ebd8b3c0df4  corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n cd5cc151e476552be549c6a37b8a71ea  corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm\n 7f60837e42b45ce50f365ec1372d6aeb  corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm\n 492fcc0df9172557a3297d0082321d4d  corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm \n 2c47b1604aa89033799b1ead4bcebe01  corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm\n\n Corporate 4.0:\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n daa6c3473f59405778dedd02de73fcc9  corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n b5ae71aacd5b99be9e9327d58da29230  corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 89296e03778a198940c1c413e44b9f45  corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n cb17a0d801c1181ab380472b8ffb085e  corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm\n 76b3078e53be2ddc019bee74ccb1f39e  corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm\n 0aa4ca3b0d2925255650fb90132d7aad  corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 86dc91f1701293f3319a833746bbe421  corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm\n 8d9a55afdc6d930916bac00fd4c4739b  corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm \n a8d2a946d266a94c6d46537ad78b18fa  corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n cd7ad7e95ce17995dfa8129ebe517049  mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm\n 11771240baebdc6687af70a8a0f2ffd2  mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 8f672bc81b9528598a8560d876612bfa  mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm\n 214f857a36e5c3e600671b7291cd08ae  mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm \n bbb299fd643ccbfbdc1a48b12c7005ce  mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.2.2 (GNU/Linux)\n\niD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3\nmAaLoEPfjUca1TR98vgpZUU=\n=Ff9O\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------\n~                   VMware Security Advisory\n\nAdvisory ID:       VMSA-2008-0005\nSynopsis:          Updated VMware Workstation, VMware Player, VMware\n~                   Server, VMware ACE, and VMware Fusion resolve\n~                   critical security issues\nIssue date:        2008-03-17\nUpdated on:        2008-03-17 (initial release of advisory)\nCVE numbers:       CVE-2008-0923 CVE-2008-0923 CVE-2008-1361\n~                   CVE-2008-1362 CVE-2007-5269 CVE-2006-2940\n~                   CVE-2006-2937 CVE-2006-4343 CVE-2006-4339\n~                   CVE-2007-5618 CVE-2008-1364 CVE-2008-1363\n~                   CVE-2008-1340\n- -------------------------------------------------------------------\n\n1. Summary:\n\n~   Several critical security vulnerabilities have been addressed\n~   in the newest releases of VMware\u0027s hosted product line. \n\n2. Relevant releases:\n\n~   VMware Workstation 6.0.2 and earlier\n~   VMware Workstation 5.5.4 and earlier\n~   VMware Player 2.0.2 and earlier\n~   VMware Player 1.0.4 and earlier\n~   VMware ACE 2.0.2 and earlier\n~   VMware ACE 1.0.2 and earlier\n~   VMware Server 1.0.4 and earlier\n~   VMware Fusion 1.1 and earlier\n\n3. Problem description:\n\n~ a.  Host to guest shared folder (HGFS) traversal vulnerability\n\n~     On Windows hosts, if you have configured a VMware host to guest\n~     shared folder (HGFS), it is possible for a program running in the\n~     guest to gain access to the host\u0027s file system and create or modify\n~     executable files in sensitive locations. \n\nNOTE: VMware Server is not affected because it doesn\u0027t use host to\n~      guest shared folders.  No versions of ESX Server, including\n~      ESX Server 3i, are affected by this vulnerability.  Because\n~      ESX Server is based on a bare-metal hypervisor architecture\n~      and not a hosted architecture, and it doesn\u0027t include any\n~      shared folder abilities.  Fusion and Linux based hosted\n~      products are unaffected. \n\n~     VMware would like to thank CORE Security Technologies for\n~     working with us on this issue.  This addresses advisory\n~     CORE-2007-0930. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2008-0923 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ b.  Insecure named pipes\n\n~     An internal security audit determined that a malicious Windows\n~     user could attain and exploit LocalSystem privileges by causing\n~     the authd process to connect to a named pipe that is opened and\n~     controlled by the malicious user. \n\n~     The same internal security audit determined that a malicious\n~     Windows user could exploit an insecurely created named pipe\n~     object to escalate privileges or create a denial of service\n~     attack.  In this situation, the malicious user could\n~     successfully impersonate authd and attain privileges under\n~     which Authd is executing. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the names CVE-2008-1361, CVE-2008-1362 to these\n~     issues. \n\n~     Windows Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ c.  Updated libpng library to version 1.2.22 to address various\n~     security vulnerabilities\n\n~     Several flaws were discovered in the way libpng handled various PNG\n~     image chunks. An attacker could create a carefully crafted PNG\n~     image file in such a way that it could cause an application linked\n~     with libpng to crash when the file was manipulated. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     has assigned the name CVE-2007-5269 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ d.  Updated OpenSSL library to address various security vulnerabilities\n\n~     Updated OpenSSL fixes several security flaws were discovered\n~     in previous versions of OpenSSL. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the following names to these issues: CVE-2006-2940,\n~     CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion is not affected by this issue. \n\n~ e.  VIX API default setting changed to a more secure default value\n\n~     Workstation 6.0.2 allowed anonymous console access to the guest by\n~     means of the VIX API. This release, Workstation 6.0.3, disables\n~     this feature. This means that the Eclipse Integrated Virtual\n~     Debugger and the Visual Studio Integrated Virtual Debugger will now\n~     prompt for user account credentials to access a guest. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n~ f.  Windows 2000 based hosted products privilege escalation\n~     vulnerability\n\n~     This release addresses a potential privilege escalation on\n~     Windows 2000 hosted products.  Certain services may be improperly\n~     registered and present a security vulnerability to Windows 2000\n~     machines. \n\n~     VMware would like to thank Ray Hicken for reporting this issue and\n~     David Maciejak for originally pointing out these types of\n~     vulnerabilities. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2007-5618 to this issue. \n\n~     Windows versions of Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~     NOTE: Fusion and Linux based products are not affected by this\n~           issue. \n\n~ g. \n\n~     VMware would like to thank Martin O\u0027Neal for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1364 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n~     VMware Fusion      1.1 upgrade to version 1.1.1 (Build# 72241)\n\n~     NOTE: This issue doesn\u0027t affect the latest versions of VMware\n~           Workstation 6, VMware Player 2, and ACE 2 products. \n\n~ h.  Local Privilege Escalation on Windows based platforms by\n~     Hijacking VMware VMX configuration file\n\n~     VMware uses a configuration file named \"config.ini\" which\n~     is located in the application data directory of all users. \n~     By manipulating this file, a user could gain elevated\n~     privileges by hijacking the VMware VMX process. \n\n~     VMware would like to thank Sun Bing for reporting the issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1363 to this issue. \n\n~     Windows based Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware Player      1.0 upgrade to version 1.0.6 (Build# 80404)\n~     VMware Server      1.0 upgrade to version 1.0.5 (Build# 80187)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n~     VMware ACE         1.0 upgrade to version 1.0.5 (Build# 79846)\n\n~ i.  Virtual Machine Communication Interface (VMCI) memory corruption\n~     resulting in denial of service\n\n~     VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,\n~     and VMware ACE 2.0.  It is an experimental, optional feature and\n~     it may be possible to crash the host system by making specially\n~     crafted calls to the VMCI interface. \n\n~     VMware would like to thank Andrew Honig of the Department of\n~     Defense for reporting this issue. \n\n~     The Common Vulnerabilities and Exposures project (cve.mitre.org)\n~     assigned the name CVE-2008-1340 to this issue. \n\n~     Hosted products\n~     ---------------\n~     VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)\n~     VMware Player      2.0 upgrade to version 2.0.3 (Build# 80004)\n~     VMware ACE         2.0 upgrade to version 2.0.1 (Build# 80004)\n\n4. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n~  VMware Workstation 6.0.3\n~  ------------------------\n~  http://www.vmware.com/download/ws/\n~  Release notes:\n~  http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html\n~  Windows binary\n~  md5sum:  323f054957066fae07735160b73b91e5\n~  RPM Installation file for 32-bit Linux\n~  md5sum:  c44183ad11082f05593359efd220944e\n~  tar Installation file for 32-bit Linux\n~  md5sum:  57601f238106cb12c1dea303ad1b4820\n~  RPM Installation file for 64-bit Linux\n~  md5sum:  e9ba644be4e39556724fa2901c5e94e9\n~  tar Installation file for 64-bit Linux\n~  md5sum:  d8d423a76f99a94f598077d41685e9a9\n\n~  VMware Workstation 5.5.5\n~  ------------------------\n~  http://www.vmware.com/download/ws/ws5.html\n~  Release notes:\n~  http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html\n~  Windows binary\n~  md5sum:  9c2dd94db5eed93d7f64e8d6ba8d8bd3\n~  Compressed Tar archive for 32-bit Linux\n~  md5sum:  77401c0842a151f0b2db0b4fcb0d16eb\n~  Linux RPM version for 32-bit Linux\n~  md5sum:  c222b6db934deb9c1bb79b16b25a3202\n\n~  VMware Server 1.0.5\n~  -------------------\n~  http://www.vmware.com/download/server/\n~  Release notes:\n~  http://www.vmware.com/support/server/doc/releasenotes_server.html\n~  VMware Server for Windows 32-bit and 64-bit\n~  md5sum:  3c4a57310c55e17bf8e4a1059d5b36cc\n~  VMware Server Windows client package\n~  md5sum:  cb3dd2439203dc510f4d95f06ba59d21\n~  VMware Server for Linux\n~  md5sum:  161dcbe5af9bbd9834a86bf7c599903e\n~  VMware Server for Linux rpm\n~  md5sum:  fc3b81ed18b53eda943a992971e9f84a\n~  Management Interface\n~  md5sum:  dd10d25895d9994bd27ca896152f48ef\n~  VMware Server Linux client package\n~  md5sum:  aae18f1f7b8811b5499e3a358754d4f8\n\n~  VMware ACE 2.0.3 and 1.0.5\n~  --------------------------\n~  http://www.vmware.com/download/ace/\n~  Windows Release notes:\n~  http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html\n\n~  VMware Fusion 1.1.1\n~  -------------------\n~  http://www.vmware.com/download/fusion/\n~  Release notes:\n~  http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html\n~  md5sum:  38e116ec26b30e7a6ac47c249ef650d0\n\n~  VMware Player 2.0.3 and 1.0.6\n~  ----------------------\n~  http://www.vmware.com/download/player/\n~  Release notes Player 1.x:\n~  http://www.vmware.com/support/player/doc/releasenotes_player.html\n~  Release notes Player 2.0\n~  http://www.vmware.com/support/player2/doc/releasenotes_player2.html\n~  2.0.3 Windows binary\n~  md5sum:  0c5009d3b569687ae139e13d24c868d3\n~  VMware Player 2.0.3 for Linux (.rpm)\n~  md5sum:  53502b2112a863356dcd13dd0d8dd8f2\n~  VMware Player 2.0.3 for Linux (.tar)\n~  md5sum:  2305fcff49bef6e4ad83742412eac978\n~  VMware Player 2.0.3 - 64-bit (.rpm)\n~  md5sum:  cf945b571c4d96146ede010286fdfca5\n~  VMware Player 2.0.3 - 64-bit (.tar)\n~  md5sum:  f99c5b293eb87c5f918ad24111565b9f\n~  1.0.6 Windows binary\n~  md5sum:  895081406c4de5361a1700ec0473e49c\n~  Player 1.0.6 for Linux (.rpm)\n~  md5sum:  8adb23799dd2014be0b6d77243c76942\n~  Player 1.0.6 for Linux (.tar)\n~  md5sum:  c358f8e1387fb60863077d6f8a9f7b3f\n\n5. References:\n\n~   CVE numbers\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363\n~   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340\n\n- -------------------------------------------------------------------\n6. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n~  * security-announce@lists.vmware.com\n~  * bugtraq@securityfocus.com\n~  * full-disclosure@lists.grok.org.uk\n\nE-mail:  security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc.  All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv\nCv8MnL2bYPyDfYQ3f4IUL+w=\n=tFXS\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c00967144\nVersion: 1\n\nHPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-04-12\nLast Updated: 2007-04-12\n\nPotential Security Impact: Remote unauthenticated arbitrary code execution or Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified on the Secure Sockets Layer (SSL) and BIND running on the HP Tru64 UNIX Operating System that may allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS). \n\nReferences: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL) \nVU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND) \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nThe following supported software versions are affected: \nHP Tru64 UNIX v 5.1B-4 (SSL and BIND) \nHP Tru64 UNIX v 5.1B-3 (SSL and BIND) \nHP Tru64 UNIX v 5.1A PK6 (BIND) \nHP Tru64 UNIX v 4.0G PK4 (BIND) \nHP Tru64 UNIX v 4.0F PK8 (BIND) \nInternet Express (IX) v 6.6 BIND (BIND) \nHP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) \n\nBACKGROUND\n\nRESOLUTION\n\nHP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. \n\nThe fixes contained in the ERP kits will be available in the following mainstream releases:\n -Targeted for availability in HP Tru64 UNIX v 5.1B-5 \n -Internet Express (IX) v 6.7 \n -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) \n\nHP Tru64 UNIX Version 5.1B-4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 \nName: T64KIT1001167-V51BB27-ES-20070321\nMD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd\n \nHP Tru64 UNIX Version 5.1B-3 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 \nName: T64KIT1001163-V51BB26-ES-20070315\nMD5 Checksum: d376d403176f0dbe7badd4df4e91c126\n \nHP Tru64 UNIX Version 5.1A PK6 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 \nName: T64KIT1001160-V51AB24-ES-20070314\nMD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7\n \nHP Tru64 UNIX Version 4.0G PK4 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 \nName: T64KIT1001166-V40GB22-ES-20070316\nMD5 Checksum: a446c39169b769c4a03c654844d5ac45\n \nHP Tru64 UNIX Version 4.0F PK8 ERP Kit \nLocation: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 \nName: DUXKIT1001165-V40FB22-ES-20070316\nMD5 Checksum: 718148c87a913536b32a47af4c36b04e\n \nHP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) \nLocation: http://h30097.www3.hp.com/cma/patches.html \nName: CPQIM360.SSL.01.tar.gz\nMD5 Checksum: 1001a10ab642461c87540826dfe28652\n \nInternet Express (IX) v 6.6 BIND \nNote: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. \n \n\n\nPRODUCT SPECIFIC INFORMATION \n\nThe HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:\n -OpenSSL 0.9.8d \n -BIND 9.2.8 built with OpenSSL 0.9.8d \n\nNote: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d\n\nCustomers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. \n\nThe HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. \n\nHISTORY \nVersion:1 (rev.1) - 12 April 2007 Initial release \n\nThird Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com \n  Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n  - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n  - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ASN.1 Denial of Service Attack (1/2)\n\n     During the parsing of certain invalid ASN.1 structures an error\n     condition is mishandled. ASN.1 Denial of Service Attack (2/2)\n\n     Certain types of public key can take disproportionate amounts of\n     time to process. SSL_get_shared_ciphers() Buffer Overflow\n\n     A buffer overflow was discovered in the SSL_get_shared_ciphers()\n     utility function. An attacker could send a list of ciphers to an\n     application that uses this function and overrun a buffer. SSLv2 Client Crash\n \n     A flaw in the SSLv2 client code was discovered. \n________________________________________________________________________\n\nReferences:\n  [0] http://www.openssl.org/news/secadv_20060928.txt \n  [1] http://www.openssl.org/\n  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n________________________________________________________________________\n\nFor security reasons, this advisory was digitally signed with the\nOpenPGP public key \"OpenPKG \u003copenpkg@openpkg.org\u003e\" (ID 63C4CB9F) of the\nOpenPKG project which you can retrieve from http://pgp.openpkg.org and\nhkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org\nfor details on how to verify the integrity of this advisory. \n--WfZ7S8PLGjBY9Voh\nContent-Type: text/plain; charset=us-ascii\nContent-Disposition: inline\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 200610-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n  Severity: High\n     Title: OpenSSL: Multiple vulnerabilities\n      Date: October 24, 2006\n      Bugs: #145510\n        ID: 200610-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nOpenSSL contains multiple vulnerabilities including the possible remote\nexecution of arbitrary code. \n\nBackground\n==========\n\nOpenSSL is a toolkit implementing the Secure Sockets Layer, Transport\nLayer Security protocols and a general-purpose cryptography library. Additionally Dr. Stephen N. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8d\"\n\nAll OpenSSL 0.9.7 users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.7l\"\n\nReferences\n==========\n\n  [ 1 ] CVE-2006-2937\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937\n  [ 2 ] CVE-2006-2940\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940\n  [ 3 ] CVE-2006-3738\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738\n  [ 4 ] CVE-2006-4343\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200610-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2006 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          },
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          }
        ],
        "trust": 5.49
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2006-2940",
            "trust": 4.3
          },
          {
            "db": "BID",
            "id": "22083",
            "trust": 4.2
          },
          {
            "db": "SECUNIA",
            "id": "23280",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "23309",
            "trust": 3.4
          },
          {
            "db": "SECUNIA",
            "id": "22130",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "20247",
            "trust": 2.1
          },
          {
            "db": "SECUNIA",
            "id": "23351",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22207",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22212",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22116",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22216",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22220",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22330",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22240",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22259",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22260",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22165",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22166",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22172",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22284",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22186",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22193",
            "trust": 1.8
          },
          {
            "db": "SECUNIA",
            "id": "22094",
            "trust": 1.8
          },
          {
            "db": "SECTRACK",
            "id": "1016943",
            "trust": 1.8
          },
          {
            "db": "USCERT",
            "id": "TA06-333A",
            "trust": 1.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#423396",
            "trust": 1.6
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-1401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-0343",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3902",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3869",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3860",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4401",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2315",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4019",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4264",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4036",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4327",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4417",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-2396",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4329",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4750",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3820",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-4980",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2007-2783",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3936",
            "trust": 1.0
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0905",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26329",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24930",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "30124",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22799",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22298",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31492",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "31531",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22500",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23038",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22460",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23915",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22385",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22671",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23155",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22487",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23680",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22626",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23794",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "26893",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22772",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "24950",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "25889",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22544",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "23340",
            "trust": 1.0
          },
          {
            "db": "SECUNIA",
            "id": "22758",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "28276",
            "trust": 1.0
          },
          {
            "db": "SECTRACK",
            "id": "1017522",
            "trust": 1.0
          },
          {
            "db": "OSVDB",
            "id": "29261",
            "trust": 1.0
          },
          {
            "db": "BID",
            "id": "20246",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "21709",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "20249",
            "trust": 0.8
          },
          {
            "db": "XF",
            "id": "29237",
            "trust": 0.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "SA06-333A",
            "trust": 0.8
          },
          {
            "db": "USCERT",
            "id": "TA07-017A",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0696",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "50595",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50543",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "64684",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "56053",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50535",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50560",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "51324",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50548",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "id": "VAR-200110-0196",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.251886895
      },
      "last_update_date": "2025-10-17T22:39:50.992000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "title": "RSA \u516c\u958b\u9375\u306b\u3088\u308b\u8106\u5f31\u6027\uff08Parasitic Public Key\uff09\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.furukawa.co.jp/fitelnet/topic/x509b_attacks.html"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
          },
          {
            "title": "HPSBUX02174",
            "trust": 0.8,
            "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02174.html"
          },
          {
            "title": "BIND 9: OpenSSL Vulnerabilities",
            "trust": 0.8,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445"
          },
          {
            "title": "openssl (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=459"
          },
          {
            "title": "openssl096b (V4.0)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=460"
          },
          {
            "title": "openssl (V2.x)",
            "trust": 0.8,
            "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1003"
          },
          {
            "title": "secadv_20060928",
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "https://rhn.redhat.com/errata/RHSA-2006-0695.html"
          },
          {
            "title": "102759",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1"
          },
          {
            "title": "102747",
            "trust": 0.8,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "title": "readme_iwss11_sol_patch7_b1182",
            "trust": 0.8,
            "url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.com/security/2006/TLSA-2006-33.txt"
          },
          {
            "title": "Critical Patch Update - January 2007",
            "trust": 0.8,
            "url": "http://otn.oracle.co.jp/security/070119_77/top.html"
          },
          {
            "title": "X.509\u8a3c\u660e\u66f8\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306b\u3064\u3044\u3066",
            "trust": 0.8,
            "url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20071108.html"
          },
          {
            "title": "RHSA-2006:0695",
            "trust": 0.8,
            "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2006-0695J.html"
          },
          {
            "title": "TLSA-2006-33",
            "trust": 0.8,
            "url": "http://www.turbolinux.co.jp/security/2006/TLSA-2006-33j.txt"
          },
          {
            "title": "NISCC-729618",
            "trust": 0.8,
            "url": "http://www.ricoh.co.jp/ridoc_ds/rds/download/Ridoc_DoS.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.2,
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "trust": 3.5,
            "url": "http://www.openssl.org/news/secadv_20060928.txt"
          },
          {
            "trust": 2.6,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23280/"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/23309/"
          },
          {
            "trust": 2.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/20247"
          },
          {
            "trust": 1.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta06-333a.html"
          },
          {
            "trust": 1.3,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-260.htm"
          },
          {
            "trust": 1.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml"
          },
          {
            "trust": 1.2,
            "url": "http://issues.rpath.com/browse/rpl-613"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
          },
          {
            "trust": 1.1,
            "url": "http://security.gentoo.org/glsa/glsa-200610-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22385"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22172"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22330"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22220"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22116"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22799"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22094"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3860"
          },
          {
            "trust": 1.0,
            "url": "https://issues.rpath.com/browse/rpl-1633"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0905/references"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1185"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22193"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22216"
          },
          {
            "trust": 1.0,
            "url": "http://www.uniras.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 1.0,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31531"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4401"
          },
          {
            "trust": 1.0,
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/37ak-2006-06-fr-1.1_fast360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:172"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1017522"
          },
          {
            "trust": 1.0,
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10311"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447318/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.676946"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4329"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22626"
          },
          {
            "trust": 1.0,
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22212"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23309"
          },
          {
            "trust": 1.0,
            "url": "http://lists.apple.com/archives/security-announce/2006/nov/msg00001.html"
          },
          {
            "trust": 1.0,
            "url": "http://openvpn.net/changelog.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2783"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22460"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/security/advisories/vmsa-2008-0005.html"
          },
          {
            "trust": 1.0,
            "url": "http://marc.info/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22487"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/28276"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22240"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22772"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00805100"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22671"
          },
          {
            "trust": 1.0,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:178"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24950"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4019"
          },
          {
            "trust": 1.0,
            "url": "http://www.debian.org/security/2006/dsa-1195"
          },
          {
            "trust": 1.0,
            "url": "http://www.arkoon.fr/upload/alertes/41ak-2006-08-fr-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/447393/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200585-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23915"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/25889"
          },
          {
            "trust": 1.0,
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20061001-01-p.asc"
          },
          {
            "trust": 1.0,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29230"
          },
          {
            "trust": 1.0,
            "url": "http://www.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22298"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23155"
          },
          {
            "trust": 1.0,
            "url": "http://www.redhat.com/support/errata/rhsa-2006-0695.html"
          },
          {
            "trust": 1.0,
            "url": "http://support.avaya.com/elmodocs2/security/asa-2006-220.htm"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4036"
          },
          {
            "trust": 1.0,
            "url": "http://www.serv-u.com/releasenotes/"
          },
          {
            "trust": 1.0,
            "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2008-007.txt.asc"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22165"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23351"
          },
          {
            "trust": 1.0,
            "url": "http://securitytracker.com/id?1016943"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22259"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-2"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23038"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_24_sr.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/2315"
          },
          {
            "trust": 1.0,
            "url": "http://support.attachmate.com/techdocs/2374.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3820"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4980"
          },
          {
            "trust": 1.0,
            "url": "http://sourceforge.net/project/shownotes.php?release_id=461863\u0026group_id=69227"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/1401"
          },
          {
            "trust": 1.0,
            "url": "http://docs.info.apple.com/article.html?artnum=304829"
          },
          {
            "trust": 1.0,
            "url": "http://www.trustix.org/errata/2006/0054"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23280"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22130"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22166"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2007/0343"
          },
          {
            "trust": 1.0,
            "url": "http://www.ubuntu.com/usn/usn-353-1"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "trust": 1.0,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01118771"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/2396"
          },
          {
            "trust": 1.0,
            "url": "http://security.freebsd.org/advisories/freebsd-sa-06:23.openssl.asc"
          },
          {
            "trust": 1.0,
            "url": "http://www.openpkg.org/security/advisories/openpkg-sa-2006.021-openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/31492"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3902"
          },
          {
            "trust": 1.0,
            "url": "http://www.cisco.com/en/us/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22260"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22284"
          },
          {
            "trust": 1.0,
            "url": "http://www.novell.com/linux/security/advisories/2006_58_openssl.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22500"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3869"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22186"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/30124"
          },
          {
            "trust": 1.0,
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-11.xml"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22544"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23680"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4327"
          },
          {
            "trust": 1.0,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1"
          },
          {
            "trust": 1.0,
            "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=c00849540"
          },
          {
            "trust": 1.0,
            "url": "https://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00967144"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/3936"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4750"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22758"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://openbsd.org/errata.html#openssl2"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4264"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/24930"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/26893"
          },
          {
            "trust": 1.0,
            "url": "http://www.osvdb.org/29261"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/23340"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://secunia.com/advisories/22207"
          },
          {
            "trust": 1.0,
            "url": "http://www.mandriva.com/security/advisories?name=mdksa-2006:177"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2006/4417"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-2531"
          },
          {
            "trust": 0.8,
            "url": "http://www.hornik.sk/sa/sa-20040802.txt"
          },
          {
            "trust": 0.8,
            "url": "http://www.gnu.org/software/gnutls/"
          },
          {
            "trust": 0.8,
            "url": "http://www.securitytracker.com/alerts/2004/aug/1010838.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.niscc.gov.uk/niscc/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/23351/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23386964/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20246"
          },
          {
            "trust": 0.8,
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060905.txt "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/21709/"
          },
          {
            "trust": 0.8,
            "url": "http://www.rsasecurity.com/rsalabs/node.asp?id=2125"
          },
          {
            "trust": 0.8,
            "url": "http://www.ietf.org/rfc/rfc3447.txt"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23547300/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-september/049715.html "
          },
          {
            "trust": 0.8,
            "url": "https://issues.rpath.com/browse/rpl-613 "
          },
          {
            "trust": 0.8,
            "url": "http://www.openssl.org/news/secadv_20060928.txt "
          },
          {
            "trust": 0.8,
            "url": "http://kolab.org/security/kolab-vendor-notice-11.txt "
          },
          {
            "trust": 0.8,
            "url": "http://openvpn.net/changelog.html "
          },
          {
            "trust": 0.8,
            "url": "http://www.serv-u.com/releasenotes/ "
          },
          {
            "trust": 0.8,
            "url": "http://openbsd.org/errata.html#openssl2 "
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/bid/20249 "
          },
          {
            "trust": 0.8,
            "url": "http://securitytracker.com/id?1016943 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22094 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22165 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22186 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22193 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22207 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22259 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22260 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22166 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22172 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22212 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22240 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22216 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22116 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22220 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22284 "
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22330 "
          },
          {
            "trust": 0.8,
            "url": "http://xforce.iss.net/xforce/xfdb/29237 "
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20060928-00661.xml"
          },
          {
            "trust": 0.8,
            "url": "http://www.frsirt.com/english/advisories/2006/3820"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta06-333a/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/niscc/niscc-729618/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnta07-017a/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta07-017a"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/tr/trta06-333a"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2940"
          },
          {
            "trust": 0.8,
            "url": "http://www.cpni.gov.uk/docs/re-20060928-00661.pdf?lang=en"
          },
          {
            "trust": 0.8,
            "url": "http://secunia.com/advisories/22130/"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/alerts/sa06-333a.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.us-cert.gov/cas/techalerts/ta07-017a.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/423396"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
          },
          {
            "trust": 0.5,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.5,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.4,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.3,
            "url": "http://www.isc.org/index.pl?/sw/bind/bind9.4-beta.php"
          },
          {
            "trust": 0.3,
            "url": "http://marc.theaimsgroup.com/?l=bind-announce\u0026m=116253119512445\u0026w=2"
          },
          {
            "trust": 0.3,
            "url": "http://www.cisco.com/warp/public/707/cisco-air-20061108-openssl.shtml"
          },
          {
            "trust": 0.3,
            "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html"
          },
          {
            "trust": 0.3,
            "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en\u0026cc=us\u0026objectid=c00967144"
          },
          {
            "trust": 0.3,
            "url": "http://www1.itrc.hp.com/service/cki/docdisplay.do?admit=-682735245+1165342903618+28353475\u0026docid=c00805100"
          },
          {
            "trust": 0.3,
            "url": "http://www14.software.ibm.com/webapp/set2/sas/f/hmc/home.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.ipcop.org/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=31\u0026mode=thread\u0026order=0\u0026thold=0"
          },
          {
            "trust": 0.3,
            "url": "http://www.ingate.com/relnote-452.php"
          },
          {
            "trust": 0.3,
            "url": "http://www.cyberguard.info/snapgear/releases.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.arkoon.fr/upload/alertes/45ak-2006-08-en-1.1_ssl360_openssl_asn1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102747-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603"
          },
          {
            "trust": 0.3,
            "url": "https://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02475053"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0264.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0525.html"
          },
          {
            "trust": 0.3,
            "url": "http://rhn.redhat.com/errata/rhsa-2008-0629.html"
          },
          {
            "trust": 0.3,
            "url": "http://support.attachmate.com/techdocs/2374.html#security_updates_in_7.0_sp1"
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102668-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1\u0026searchclause="
          },
          {
            "trust": 0.3,
            "url": "http://a1851.g.akamaitech.net/f/1851/2996/24h/cacheb.xerox.com/downloads/usa/en/c/cert_essnetwork_xrx07001_v1.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://secunia.com/"
          },
          {
            "trust": 0.3,
            "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2940"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3738"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2937"
          },
          {
            "trust": 0.2,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4343"
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/"
          },
          {
            "trust": 0.2,
            "url": "https://www.niscc.gov.uk)."
          },
          {
            "trust": 0.2,
            "url": "http://www.mandriva.com/security/advisories"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
          },
          {
            "trust": 0.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1361"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ace/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/player/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/security"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/ws5.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5269"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/fusion/"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5618"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4339"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/ws/"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/security_response.html"
          },
          {
            "trust": 0.1,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/download/server/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1340"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1364"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1363"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0923"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-1362"
          },
          {
            "trust": 0.1,
            "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
          },
          {
            "trust": 0.1,
            "url": "http://www.vmware.com/support/policies/eos_vi.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0494"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0493"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001167-v51bb27-es-20070321"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001163-v51bb26-es-20070315"
          },
          {
            "trust": 0.1,
            "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
          },
          {
            "trust": 0.1,
            "url": "http://h30097.www3.hp.com/cma/patches.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
          },
          {
            "trust": 0.1,
            "url": "http://h30046.www3.hp.com/subsignin.php"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=duxkit1001165-v40fb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001166-v40gb22-es-20070316"
          },
          {
            "trust": 0.1,
            "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001160-v51ab24-es-20070314"
          },
          {
            "trust": 0.1,
            "url": "http://pgp.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openssl.org/"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org"
          },
          {
            "trust": 0.1,
            "url": "http://www.openpkg.org/security/"
          },
          {
            "trust": 0.1,
            "url": "http://bugs.gentoo.org."
          },
          {
            "trust": 0.1,
            "url": "http://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "http://security.gentoo.org/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "db": "BID",
            "id": "20247"
          },
          {
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2006-09-11T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2006-09-28T00:00:00",
            "db": "BID",
            "id": "20247"
          },
          {
            "date": "2006-10-04T20:17:01",
            "db": "PACKETSTORM",
            "id": "50595"
          },
          {
            "date": "2006-10-04T00:47:19",
            "db": "PACKETSTORM",
            "id": "50543"
          },
          {
            "date": "2008-03-19T02:18:56",
            "db": "PACKETSTORM",
            "id": "64684"
          },
          {
            "date": "2007-04-19T00:58:08",
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "date": "2006-10-04T00:44:50",
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "date": "2006-10-04T01:20:54",
            "db": "PACKETSTORM",
            "id": "50560"
          },
          {
            "date": "2006-10-25T21:37:36",
            "db": "PACKETSTORM",
            "id": "51324"
          },
          {
            "date": "2006-10-04T00:46:38",
            "db": "PACKETSTORM",
            "id": "50548"
          },
          {
            "date": "2001-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "date": "2007-04-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "date": "2006-09-28T18:07:00",
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2007-02-09T00:00:00",
            "db": "CERT/CC",
            "id": "VU#423396"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#386964"
          },
          {
            "date": "2007-02-08T00:00:00",
            "db": "CERT/CC",
            "id": "VU#845620"
          },
          {
            "date": "2011-07-22T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547300"
          },
          {
            "date": "2011-05-09T19:53:00",
            "db": "BID",
            "id": "20247"
          },
          {
            "date": "2022-02-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          },
          {
            "date": "2008-12-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000593"
          },
          {
            "date": "2025-04-09T00:30:58.490000",
            "db": "NVD",
            "id": "CVE-2006-2940"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "56053"
          },
          {
            "db": "PACKETSTORM",
            "id": "50535"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          }
        ],
        "trust": 0.8
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "X.509 certificate verification may be vulnerable to resource exhaustion",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#423396"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200609-533"
          }
        ],
        "trust": 0.6
      }
    }